4 Replies Latest reply on Jun 3, 2015 2:17 AM by asabban

    Can I use the list "Known CAs" for other purposes?

    bornheim

      Hi,

       

      there is this McAfee maintained list of known CAs. I would like to use this list in a way which is possibly not intended.

       

      I have a rule which decides if some requests can pass without authentication. This is mostly for Firefox's checks for updates, i.e.

           regex(^(http|https)://[^/]*(addons|download)\.mozilla\.org($|/.*))

       

      Sometimes there are clients which insist to check for CRLs for themselves, namely the Cisco WebEx Client. Dogmatically it hard-failed when the certificate changed and the CRL URI was not on my white list.

       

      On the other hand: exactly this CRL URI is in "Known CAs". What I do not know: can I use this list like in

           URL is in list "Known CAs"

      to shorten my manually maintained white list?

       

      Kind regards,

      Robert