I think we solved it...
It seems that Outlook really loops when it tries to fetch the CRL which is on the SSL Server.
The problem can be reproduced:
Browser IE6 Website via https Certificate contains CRL Ditribution Point CDP is protected by this Certificate
It ssems that IE checks for the SSL-Cert, then for the CRL, then vor the SSL-Cert which protects the CRL -> loop
Solution: the Webservers Cert must not contain a SSL-protected URI from the same CA.
In my special case: The Mailcerts keep their SSL CDP, the CRL is loaded via SSL and the SSL-Cert is verified through a non-SSL CDP - so I can keep my old certificates. (I just re-issued the Webservers Cert with the new CDP)
Thx esp. to Chris and Pierre
Oliver
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
