[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL with OpenSSL


On Sun, 13 Apr 2014, Emmanuel Dreyfus wrote:
Christian Kratzer <ck-lists@cksoft.de> wrote:

looks for an inexistant ${hash}.r1 file. What should be there?
Propably an update to the crl.  You would have to lookup the openssl
docs to be sure.

I think this is because the CRL Next Update is in the past.  I will
renew the CRL to check that.

yes an expired crl will usually cause validation to fail.

I have experienced this regularly when forettting to update the crl
for ipsec vpn with racoon. Should be the same for openldap.


Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/