Hi Craig, I'm trying to do the same - can you share either the openssl.cnf files or the cert/crl files the enabled you to get this working?
The examples you provided in the thread were for Stephen Henson's, but I want to try the more official route... Thanks, Kent > I also managed to get my original example working, which includes the > CRL distribution point extension in the certificate and the issuing > distribution point extension in the CRL (with the indirect CRL flag) > by using matching names for the CA and CRL issuer. As you mentioned, > this relies on the fact that the default scope for a CRL entry is the > CRL issuer unless the certificate issuer extension is present. This > seems like a slightly 'safer' CRL delegation method in that it's > explicit delegation. However, it does rely on several extensions > which may not be supported by all implementations... ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
