[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL with OpenSSL



It considers that the CRL found at "hash".r0 isn't valid or sufficient to give a revocation status of your certificate.
Could you post the subscriber certificate, its issuing CA cert, and the corresponding CRL somewhere?



2014-04-14 10:32 GMT+02:00 Emmanuel Dreyfus <manu@netbsd.org>:
On Sun, Apr 13, 2014 at 12:21:10PM +0200, Christian Kratzer wrote:
> >I think this is because the CRL Next Update is in the past. ÂI will
> >renew the CRL to check that.
>
> yes an expired crl will usually cause validation to fail.

Now with a valid CRL, I still have the same problem: it loads
/etc/openssl/certs/0726b466.r0, then tries and fails on:
/etc/openssl/certs/0726b466.r1
/etc/openssl/cert.pem/0726b466.r0

And then it fails with this complain:
TLS certificate verification: Error, unable to get certificate CRL


--
Emmanuel Dreyfus
manu@netbsd.org




--
Erwann.