[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL with OpenSSL

It considers that the CRL found at "hash".r0 isn't valid or sufficient to give a revocation status of your certificate.
Could you post the subscriber certificate, its issuing CA cert, and the corresponding CRL somewhere?

2014-04-14 10:32 GMT+02:00 Emmanuel Dreyfus <manu@netbsd.org>:
On Sun, Apr 13, 2014 at 12:21:10PM +0200, Christian Kratzer wrote:
> >I think this is because the CRL Next Update is in the past. ÂI will
> >renew the CRL to check that.
> yes an expired crl will usually cause validation to fail.

Now with a valid CRL, I still have the same problem: it loads
/etc/openssl/certs/0726b466.r0, then tries and fails on:

And then it fails with this complain:
TLS certificate verification: Error, unable to get certificate CRL

Emmanuel Dreyfus