2009/2/26 Eddy Nigg <eddy_n...@startcom.org>:
> On 02/26/2009 04:18 PM, stefan.claes...@gmail.com:
>>
>> The CRL that you have problems with are generated manually through
>> our offline CA. (RSA Certificate Manager) When generating manually you
>> just copy
>> the crl into notepad and save it as crl.
>>
>
> It's very easy to convert them to DER afterward. You can do it even now. Are
> you using OpenSSL or another tool?

Any recent (i.e., 0.9.7 or 0.9.8) version of openssl can do this. The command line to do so is:

    openssl crl -inform PEM -in [PEMCRLfile] -outform DER -out [DERCRLfile]

This works on Windows and UNIX at the least, if you have a compiled copy of openssl for Windows. As this is a security-conscious tool, I would recommend compiling it from source yourself -- but not on the machine that contains the offline CA (it involves installing the compiler and the development kit, and that's a lot of unaudited software to be running on a critical system).

I am not sure how NSS's crlutil handles PEM, or which tool would be used to de-PEM the target.

-Kyle H
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
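
The de-PEM step discussed in this thread, as an added example that is not part of the original messages or of OpenSSL/NSS: a Python sketch that accepts a CRL saved from Notepad (BOM, UTF-16 or CRLF line endings), strips the PEM armor and checks that the outer DER length matches the decoded size. The names crl_to_der, SAMPLE_DER and SAMPLE_PEM are hypothetical, and the sample bytes are a constructed stand-in, not a real CRL.

```python
import base64
import binascii
import re

PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.DOTALL)

# Constructed stand-in (SEQUENCE { INTEGER 1 }), NOT a real CRL.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\r\nMAMCAQE=\r\n"
              b"-----END X509 CRL-----\r\n")

def der_outer_length(der: bytes) -> int:
    """Return the total size declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def crl_to_der(data: bytes) -> bytes:
    """Accept a PEM or DER CRL file's bytes and return DER bytes."""
    # Notepad may save as UTF-16 ("Unicode") or prepend a UTF-8 BOM.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        data = data.decode("utf-16").encode("ascii")
    elif data[:3] == b"\xef\xbb\xbf":
        data = data[3:]
    match = PEM_CRL.search(data)
    if match:
        body = b"".join(match.group(1).split())   # drop CR/LF and spaces
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"bad base64 in PEM body: {exc}") from None
    else:
        der = data                                # assume already DER
    # A copy/paste that lost or gained bytes fails this check.
    if der_outer_length(der) != len(der):
        raise ValueError("DER length does not match data size")
    return der
```

This checks only the outer encoding; signature and issuer validation of the CRL still belong to the consuming tool.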