[Bug]: by default, CRL file is served with `.DER` extension, expected `.CRL`

[filimonic]

Steps to Reproduce

• Enable CRL
• Download CRL from /1.0/crl with something that respects Content-Disposition: filename

Your Environment

• OS - docker image smallstep/step-ca:0.29.0
• step-ca Version - 0.29.0

Expected Behavior

When downloading crl file from step-ca, server should offer client to use .crl file extension by default.

Actual Behavior

When downloading crl file from step-ca, server offers client to use crl.der file name by default (so, .der extension).

Additional Context

IANA:

CRL file in DER format with type application/pkix-crl should have .CRL extension, as registered by IANA

Windows:

In Windows systems, files with this extension .der are associated with application/x-x509-ca-cert type. This causes Windows to try opening this file as certificate and showing error This file is invalid for use as the following: Security Certificate.

The only extension associated with application/pkix-crl is .crl

This line: should be fixed

certificates/api/crl.go

Line 43 in f088be2

w.Header().Add("Content-Disposition", "attachment; filename=\"crl.der\"")

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).