On Feb 26, 5:49 pm, Kyle Hamilton <aerow...@gmail.com> wrote:
> 2009/2/26 Eddy Nigg <eddy_n...@startcom.org>:
>
> > On 02/26/2009 04:18 PM, stefan.claes...@gmail.com:
>
> >> The CRLs that you have problems with are generated manually through
> >> our offline CA. (RSA Certificate Manager) When generating manually you
> >> just copy
> >> the crl into notepad and save it as crl.
>
> > It's very easy to convert them to DER afterward. You can do it even now.
> > Are you using OpenSSL or another tool?
>
> Any recent (i.e., 0.9.7 or 0.9.8) version of openssl can do this. The
> command line to do so is:
>
> openssl crl -inform PEM -in [PEMCRLfile] -outform DER -out [DERCRLfile]
>
> This works on Windows and UNIX at the least, if you have a compiled
> copy of openssl for Windows. As this is a security-conscious tool, I
> would recommend compiling it from source yourself -- but not on the
> machine that contains the offline CA (it involves installing the
> compiler and the development kit, and that's a lot of unaudited
> software to be running on a critical system).
>
> I am not sure how NSS's crlutil handles PEM, or which tool would be
> used to de-PEM the target.
>
> -Kyle H

Hi all,

I converted the CRLs into DER format and now I can open them in Firefox.
Please try for yourselves! :)

http://fedir.comsign.co.il/crl/ComSignCA.crl
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl

Thanks everyone!

Stefan Claesson
ComSign

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
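
What "de-PEM" means at the byte level, as an added example that is not part of the original thread: the sketch below strips the PEM armor from a CRL saved through Notepad (BOM and CRLF line ends), base64-decodes it, and checks that the result is one well-formed outer DER SEQUENCE before it is published. The function names are hypothetical and the sample bytes are a constructed placeholder rather than a real CRL; it does not parse or verify the CRL itself, which `openssl crl` does.

```python
import base64
import re

# PEM armor for a CRL; the payload between the markers is base64 of the DER bytes.
PEM_CRL = re.compile(rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.DOTALL)

# Constructed placeholder (SEQUENCE { INTEGER 1 }), not a real CRL.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])


def make_sample_pem(der=SAMPLE_DER, newline=b"\r\n"):
    """Build a PEM file the way Notepad might save it: BOM plus CRLF line ends."""
    lines = [b"-----BEGIN X509 CRL-----", base64.b64encode(der), b"-----END X509 CRL-----"]
    return b"\xef\xbb\xbf" + newline.join(lines) + newline


def der_total_length(data):
    """Length of the outer DER SEQUENCE including its header; ValueError if malformed."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def crl_to_der(data):
    """Return DER bytes for a CRL supplied as either PEM or DER."""
    match = PEM_CRL.search(data)
    if match:
        payload = b"".join(match.group(1).split())   # drop CR, LF and spaces
        der = base64.b64decode(payload, validate=True)
    else:
        der = data
    if der_total_length(der) != len(der):
        raise ValueError("DER length field does not match the data size")
    return der


if __name__ == "__main__":
    print(crl_to_der(make_sample_pem()).hex())
```

A file that fails the first check with a leading `-` (0x2d) instead of 0x30 is still PEM text.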