Hello, The example from:
http://www.openssl.org/docs/apps/x509v3_config.html crlDistributionPoints=crldp1_section [crldp1_section] fullname=URI:http://myhost.com/myca.crl CRLissuer=dirName:issuer_sect reasons=keyCompromise, CACompromise [issuer_sect] C=UK O=Organisation CN=Some Name does not work. I have version 0.98c3 of OpenSSL. I think the first error is crlDistributionPoints=crldp1_section must be [EMAIL PROTECTED] but then it complains: 30213:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn 30213:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:v3_alt.c:509:name=fullname 30213:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=crlDistributionPoints, [EMAIL PROTECTED] crlDistributionPoints=URI:http://myhost.com/myca.crl works. But I must also include an isuer. Karsten ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]