Patrick Patterson wrote: > Hi there: > > On 2010-11-12, at 12:04 PM, Per Jessen wrote: > >> I've discovered that Microsoft Exchange 2007, presumably also 2010, >> expects to have/check a CRL when setting up TLS for an SMTP >> connection. So far, I have not found a way to disable this check. >> >> Our root CA does not have a 'crlDistributionPoints' setting, is it >> possible to add this without having to re-issue the CA? > > > crlDistribution point goes in End Entity certificates - (Server or > User certificates), so you don't have to touch anything in the Root > CA, you just have to include the CRL DP in the certificate that you > issue to your servers. > > Have fun!
Patrick, that's great, many thanks! /Per Jessen, Zürich ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org