Query LDAP CDP with ldapsearch
Quick and dirty note for manual inspection of the CRL distribution point stored in LDAP (so primarily for M$ use cases).
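```sh
# -x is a simple bind: over plain ldap:// the bind password crosses the wire in cleartext,
# so use ldaps:// or add -ZZ (StartTLS) where the server supports it.
# "KEEPASS" stands for the password from the password manager; -W prompts for it instead.
# ldif-wrap=no: the awk filter only reads the attribute's first line, so the value must not be folded.
ldapsearch -LLL -o ldif-wrap=no -H ldap://example.corp \
  -b "CN=CA Name V3,CN=hostname,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=corp" \
  "(objectclass=cRLDistributionPoint)" \
  -x -w "KEEPASS" -D "CN=Account,OU=Accounts,DC=example,DC=corp" \
  certificateRevocationList |
  awk -F'::' '$1~/certificateRevocationList/{print $NF}' > ~/tmp1

# Wrap the base64 value in PEM armour and let openssl decode it.
{ printf '%s\n' '-----BEGIN X509 CRL-----' ; <~/tmp1 tr -d '\r\n ' | fold -w64 ; printf '\n%s' '-----END X509 CRL-----' ; } | openssl crl -in /dev/stdin -noout -text
```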
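An added example, not part of the original note: the extraction step as a shell function that unfolds wrapped LDIF lines itself, accepts the `;binary` attribute option, and emits one PEM block per value without a temp file. The function names and the sample LDIF (constructed filler base64, not a decodable CRL) are assumptions.

```shell
# Read LDIF on stdin, write one PEM-armoured CRL per certificateRevocationList value.
ldif_crl_to_pem() {
    awk '
    # LDIF folding: a line starting with one space continues the previous line.
    /^ / { if (inattr) val = val substr($0, 2); next }
    # Any other line ends the value collected so far.
    { flush() }
    # "::" marks a base64 value; the attribute may carry the ";binary" option.
    /^certificateRevocationList(;binary)?::/ {
        val = $0
        sub(/^[^:]*::[ \t]*/, "", val)
        inattr = 1
    }
    END { flush() }
    function flush(   i) {
        if (!inattr) return
        inattr = 0
        gsub(/[ \t\r]/, "", val)      # drop stray blanks and CR from CRLF output
        if (val != "") {
            print "-----BEGIN X509 CRL-----"
            for (i = 1; i <= length(val); i += 64) print substr(val, i, 64)
            print "-----END X509 CRL-----"
        }
        val = ""
    }'
}

# Constructed sample: a 70-character filler value folded after 40 characters,
# with CRLF line endings. It exercises the parser only; openssl cannot decode it.
sample_ldif() {
    a=$(printf '%040d' 0 | tr 0 A)    # 40 x "A"
    b=$(printf '%030d' 0 | tr 0 B)    # 30 x "B"
    printf 'dn: CN=Example CA,CN=CDP\r\n'
    printf 'certificateRevocationList;binary:: %s\r\n %s\r\n' "$a" "$b"
    printf 'objectClass: cRLDistributionPoint\r\n\r\n'
}

sample_ldif | ldif_crl_to_pem
```

Against a live directory, pipe the `ldapsearch` output through `ldif_crl_to_pem | openssl crl -noout -text`; `openssl crl` parses only the first PEM block on its input.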