Hi, 

I am using openssl-0.9.7-pre1 to create a multilevel CA including the
appropriate CRLs, e.g. root CA --> level 1 CA (here: level 1 CA 1) --> user certs.
I want to create a revocation list for level 1 CAs (signed by the root CA)
and a revocation list for user certs (signed by level 1 CA 1). I am using the
following commands:

GENERATING a CRL for level 1 CAs, which I name ARL (authority revocation list)
openssl ca -config crl_l1_user.config -gencrl -out arl.pem
(using root key to sign)

GENERATING a CRL for user certs
openssl ca -config crl_user.config -gencrl -out crl.pem
(using level 1 CA 1 key to sign)

Verification: 
openssl crl -in arl.pem -issuer 
openssl crl -in crl.pem -issuer

Now comes the surprising result, that the issuer in both cases is the root
CA, even if I signed the ARL with the root key and the CRL with the level 1 CA
1 key! 

I would be really thankful, if anybody can help!

Volker
