Valery wrote: > > Hello! > > I have a problem with checking CRL by MS Outlook Express. > When Outlook is on-line it tries to check if the certificate has been > revoked or not and says "The digital ID has not been revoked or revocation > information for this certificate could not be determined" > > After that I tried to import my CRL into my IE5.5 it says: > "This is an invalid Certificate Revocation List file". > > My CRL can be found at: http://proxy.vrn.ru/crl/main.crl > > The CRL has been made with the following command: > openssl ca -gencrl -out crl.pem -config openssl.cnf passin pass:**** > > I have added crlDistributionPoints=URI:http://proxy.vrn.ru/crl/main.crl > into my openssl.cnf file. > > Where have I made a mistake? > Does Outlook Express 5.5 > support crl file that was made with openssl-engine 0.9.6b. > The mime-type reported by your web server is text/html and this is incorrect, you must return an "application/x-pkcs7-crl" document, so you must convert with openssl your crl to the pkcs7 form DER encoded, then return this blob with the correct mime type.
Bye. -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
