I just tried setting the crl file to DER encoding and specified that files 
with .crl extensions are application/x-x509-crl.  I am still receiving the 
certificate validation failure error on the Cisco concentrator.  Is there 
anything else that I need to do?  Am I doing something wrong?

Thanks,

********************************************
Richard A. Faulk Jr., MCSE, ASE, CCA, Linux+
Plummer Slade, Inc.
Tel: (412)261-5600 x226
[EMAIL PROTECTED]
http://www.plummerslade.com
********************************************
----- Original Message ----- 
From: "Richard A. Faulk Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 2004 08:07
Subject: Re: Certificate validation failure, Successful


Jason,

I'm glad to hear that someone else has a similar scenario working.  I am a
little bit new to this.  I am publishing the CRL with Apache.  I placed a
copy of the file in the default DocumentRoot in a folder named crl. I can
access the file from Internet Explorer.

How do I ensure that the URL is application/x-x509-crl ?  Is this something
that can be generated into the DER encoded crl using openssl?

Also, rather than just making a copy of the crl file and placing it in a
different location for publishing, do I need to maintain the openssl CA
directory structure for this to work?

Thank you in advance for your assistance.

********************************************
Richard A. Faulk Jr., MCSE, ASE, CCA, Linux+
Plummer Slade, Inc.
Tel: (412)261-5600 x226
[EMAIL PROTECTED]
http://www.plummerslade.com
********************************************
----- Original Message ----- 
From: "Jason Haar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 22, 2004 20:30
Subject: Re: Certificate validation failure, Successful



We do this here.

Ensure your URLs are "application/x-x509-crl", and the CRL is DER
encoded and you'll be fine.

Cisco did a real good job with their PKI support in the VPN-3000 series
- I wish I could say the same for IOS (our CA has a serial number of
"0", and IOS refuses to trust a CA with a serial <1.  Strange - I always
thought 0 was an integer as required by the SSL RFCs... :-()

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
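
An added example, not part of the thread: a Python check of the two conditions Jason names (the `application/x-x509-crl` content type and DER encoding) applied to the header and body a web server returns for the CRL URL. The function names and sample bytes are constructed for illustration, and only the outer ASN.1 framing is inspected, not the CRL's signature or fields.

```python
import base64
import re

CRL_MIME = "application/x-x509-crl"  # MIME type named in the thread
PEM_RE = re.compile(
    rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.S)

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one ASN.1 SEQUENCE with a matching length
    (outer framing only; nothing inside the CRL is validated)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def pem_to_der(data: bytes) -> bytes:
    """Decode a PEM CRL to DER (the form `openssl crl -outform DER` writes)."""
    m = PEM_RE.search(data)
    if not m:
        raise ValueError("no X509 CRL PEM block found")
    return base64.b64decode(b"".join(m.group(1).split()))

def check_published_crl(content_type: str, body: bytes) -> list:
    """Return a list of problems with a CRL as served over HTTP."""
    problems = []
    mime = content_type.split(";")[0].strip().lower()
    if mime != CRL_MIME:
        problems.append(f"Content-Type is {mime!r}, expected {CRL_MIME!r}")
    if PEM_RE.search(body):
        problems.append("body is PEM encoded, expected DER")
    elif not der_sequence_ok(body):
        problems.append("body is not a single ASN.1 SEQUENCE")
    return problems

# Constructed sample: a 5-byte SEQUENCE standing in for a CRL body.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END X509 CRL-----\n")

if __name__ == "__main__":
    print(check_published_crl("text/plain", SAMPLE_PEM))
```

An empty list means both conditions hold; a truncated download or a PEM file served under a `.crl` name each produce a distinct message.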
