1. Manually creating CRLs When using a SQL database for the CA, am unable to export generated CRL's to the RA. This works if the CA is built with --enable-db --disable-dbi but does not work when built with --disable-db --enable dbi.
I think the problem is that the CRL does not seem to get added to CRL in the database. (SELECT * FROM crl; returns "Empty set") The CRLs to exist in the [openca]/var/crypto/crls directory. This occurs using mysql for the database. Is this a known problem? Or this there something potentially incorrect in my configuration? 2. Batch Revocation When running the batch process to revoke certificates I seem to get caught in an indefinite loop. (due to #1 this is with --enable-db) I think that the same record is being returned from the database to the while($request = $db->getNextItem ... loop in [openca]/lib/cmds/bpRevokeCerticate This script also seems to have problems verifying the roles of the certificate being revoked and the role of the CRR signer if I make it skip that check. Any ideas what might be causing this? Thanks heaps Craig. ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd522.html _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
