Hiya,
    I've a client/server system using openssl with verified
certificates. It's not a browser/Web server. The CA, server and client
certificates are all built using the openssl proggie. I've run into a
problem where the certificate verification fails 30 days after I've
built the new CA and set everything up. The expiry dates on the
certificates are a few years down the track so I'm thinking it's the 30
day CRL limit in my .cnf file that's causing the problem.
    I'm looking for some help understanding the mechanics of CRL usage.
All I've been able to find on the archives deals with browsers and web
servers. I'm hoping someone can spare a few IQ points to help me out
here.

    (1) Where does the CRL reside? Server, client or both?
    (2) Is the check made on the server or client side?
    (3) How do I present openssl with a new CRL?
    (4) Will openssl handle CRL verification or do I do this in the
verify exit ?
    (5) Does anyone have a cookbook or some code I can crib from ?

            Thanks in advance for any help on this.

                Gregory Nicholls.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
