Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-08-14 20:47:57.0

IP Range for Entrust Revocation CRL/OCSP

Article Number: 46455

Question:

What is the IP range for Entrust revocation CRL/OCSP

Answer:

The Entrust IP addresses used revocation checks are dynamic and globally load balanced, because of this Entrust cannot provide a set of Static IP addresses.

Other Options:

01. White list the FQDN's listed below:

crl.entrust.net
crl2.entrust.net
ocsp.entrust.net

02. Proxy the CRL requests to a server in DMZ.

Request to crl.entrust.net would be directed to a proxy server which has internet access. Proxy server downloads the CRL.
Implementation details are dependent on the hardware/software available to execute this setup.

03. Host the CRL internally.

Manually download the CRL and host it on the internal server.
CRL would have to be re-downloaded periodically to keep an up to date view.

If you have any questions or issue, please contact Cloud Support: https://www.entrust.com/get-support/ssl-certificate-support/contact-ssl-support/
 

TN8715