Entrust Certificate Services Support Knowledge BaseLast Modified: 2016-08-14 20:47:57.0
IP Range for Entrust Revocation CRL/OCSP
Article Number: 46455Question:
What is the IP range for Entrust revocation CRL/OCSP
The Entrust IP addresses used revocation checks are dynamic and globally load balanced, because of this Entrust cannot provide a set of Static IP addresses.
01. White list the FQDN's listed below:
02. Proxy the CRL requests to a server in DMZ.
Request to crl.entrust.net would be directed to a proxy server which has internet access. Proxy server downloads the CRL.
Implementation details are dependent on the hardware/software available to execute this setup.
03. Host the CRL internally.
Manually download the CRL and host it on the internal server.
CRL would have to be re-downloaded periodically to keep an up to date view.
If you have any questions or issue, please contact Cloud Support: https://www.entrust.com/get-support/ssl-certificate-support/contact-ssl-support/