On Sun, Apr 19, 2015 at 11:38 AM, Victorian Spirit <[email protected]> wrote:
> Dear all,
> I'm trying to get slapd (compiled against libgnutls) working with CRL
> checking.
> So I created a CRL via certtool based on a cert I want to revoke.
> In slapd I used 'TLSCRLFile'; this seems to be ignored.
> The client certificate is revoked and the CRL is verified with success,

> certtool --generate-crl --load-ca-privkey=ca-key.pem
> --load-ca-certificate=ca-cert.pem --outfile=crl.pem

This command generates an empty CRL. What is the output of crl-info?
For an example to generate a CRL using certtool see "Certificate
revocation list generation" in
http://www.gnutls.org/manual/html_node/certtool-Invocation.html

> gnutls-serv --x509keyfile=clients/lrc-ldap.key \
> --x509certfile=clients/lrc-ldap.crt \
> --x509crlfile=crl.pem \
> --x509cafile=ca-cert.pem --echo

This command does not verify the client certificate. To enable client
certificate verification use "-r" or --verify-client-cert.

regards,
Nikos
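The two points in the reply above, as an added example that is not part of the original thread: build a CRL that actually lists the revoked certificate, confirm it with --crl-info before handing it to a server, and start gnutls-serv with client verification switched on. The function names, the template values and the script's argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; helper names and template values are assumptions.

# Read "certtool --crl-info" text on stdin and print the number of revoked
# entries. An empty CRL reports "No revoked certificates." and yields 0.
revoked_count() {
    awk '/Revoked certificates \(/ { gsub(/[^0-9]/, ""); n = $0 }
         END { print n + 0 }'
}

# make_crl CA_KEY CA_CERT REVOKED_CERT OUT
# --load-certificate names the certificate(s) to list in the CRL; without it
# the CRL is signed but empty. The template avoids the interactive prompts.
make_crl() {
    tmpl=$(mktemp) || return 1
    # Constructed values: next update in 30 days, CRL number 1.
    printf 'crl_next_update = 30\ncrl_number = 1\n' > "$tmpl"
    certtool --generate-crl \
        --load-ca-privkey "$1" --load-ca-certificate "$2" \
        --load-certificate "$3" --template "$tmpl" --outfile "$4"
    rc=$?
    rm -f "$tmpl"
    return $rc
}

# check_crl CRL: fail when the CRL revokes nothing.
check_crl() {
    n=$(certtool --crl-info --infile "$1" | revoked_count)
    echo "revoked entries in $1: $n"
    [ "$n" -gt 0 ]
}

# serve KEY CERT CRL CA: the gnutls-serv command from the thread with the
# --verify-client-cert option named in the reply added.
serve() {
    gnutls-serv --x509keyfile="$1" --x509certfile="$2" \
        --x509crlfile="$3" --x509cafile="$4" --verify-client-cert --echo
}

# Usage: sh crl.sh ca-key.pem ca-cert.pem revoked-cert.pem crl.pem
if [ "$#" -eq 4 ]; then
    make_crl "$1" "$2" "$3" "$4" && check_crl "$4"
fi
```

A count of 0 from check_crl means the revoked certificate was never loaded into the CRL, so any server reading that file has nothing to reject.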
