Blog | G5 Cyber Security

CRL Filenames: Multiple Full Stops?

G5 Cyber Security

TL;DR

Yes, a Certificate Revocation List (CRL) file can contain multiple full stops (periods) in its name. However, it depends on the operating system and how you’re accessing/using the CRL. Some systems might interpret them as separators or cause issues with parsing. It’s best practice to avoid using multiple full stops in a CRL filename.

Solution Guide

  1. Understanding CRL Files: A CRL is a list of revoked digital certificates. They are used by software to check if a certificate is still valid before trusting it.
  2. Filename Restrictions – Operating System Dependent: The rules for filenames vary between operating systems.
    • Windows: Windows generally allows multiple full stops in filenames, but there can be limitations with very long names or specific characters after the final full stop (e.g., it might truncate the filename).
    • Linux/macOS: Linux and macOS are more flexible with filenames and typically allow multiple full stops without issue. However, command-line tools or scripts may interpret them in unexpected ways if not handled correctly.
  3. Potential Problems with Multiple Full Stops:
    • Parsing Issues: Some software might incorrectly parse a CRL filename containing multiple full stops, especially if it’s expecting a specific format (e.g., assuming the last part after a full stop is the file extension).
    • Command-Line Interpretation: In command-line environments, multiple full stops can sometimes be misinterpreted as directory separators or cause issues with scripting. 
      # Example - potential issue in bash if not quoted properly
ls my.crl..file  # Might try to navigate directories instead of listing the file
    • Compatibility: Older systems or software might have stricter filename limitations and fail to process CRLs with multiple full stops.
  4. Best Practice – Avoid Multiple Full Stops: To ensure maximum compatibility and avoid potential issues, it’s strongly recommended to use a single full stop (period) to separate the base name from the file extension in your CRL filenames.
    • Example Good Filenames: mycrl.pem, certificate_revocation_list.crl
    • Example Bad Filenames: my..crl.pem, certificate.revocation.list.crl
  5. Checking CRL Validity (Regardless of Filename): The important thing is that the CRL itself is valid and correctly formatted. 
    openssl crl -in mycrl.pem -text # Check the contents and validity of the CRL
  6. Renaming a CRL File (If Necessary): If you have a CRL file with multiple full stops that’s causing problems, rename it to use a simpler filename. 
    mv my..crl.pem mycrl.pem # Rename the file in Linux/macOS
Exit mobile version