More CRL question

2014-02-14 Thread rosect190
It is understood that if CRL check is set but CRL file is not included, openSSL will report ERR(3). What happens, if we have a 3-tier CAs and the CRL from the middle tier is not included. Will openSSL report error, with the setting of X509_V_FLAG_CRL_CHECK_ALL? - rosect190

CRL question

2004-12-13 Thread PAILLETTE Frédéric
Hi all ! I don't anderstand how CRL are verified, someone can explain me a little please. CRL are not included in the certificate but a link to the CRL is included in the certificate issuer, no ? If a certificate contains a link, how the pointed CRL is verified ? TIA Frédéric.

Re: CRL question

2004-12-13 Thread Charles B Cranston
CRLs are signed by the CA certificate whose subsidiary certificates are mentioned (or not) in the CRL. So a CRL is verified just like any other signed document. You need any certificates in the chain, which may or may not be supplied along with the CRL, see PKCS#7 format and/or the openssl

Re: crl question

2001-10-18 Thread Ravi Prakash B.V.
After revoking the certificate, you didnt generate the CRL file. First generate the CRL file and then ckeck. cheers, Ravi Prakash B.V. On Wed, 17 Oct 2001, Juan Carlos Albores Aguilar wrote: Hi, i'm using openssl and i've created my own CA so i can sign certificates, revocate them and

crl question

2001-10-17 Thread Juan Carlos Albores Aguilar
Hi, i'm using openssl and i've created my own CA so i can sign certificates, revocate them and everything, my question is when i revoke a certificate and i watch the no encrypted form of my crl file, it says no certificates revoked, however in the records of the certificates signed, it does

CRL question

2000-03-02 Thread Marco Nardelli
Does anyone know an SSL routine which extracts the CRL url from a certificate.pem ? Thanks in advance regards marco nardelli __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: CRL Question

1999-08-30 Thread ssl
Ah yes, getting confused. rather, the cgi should check the crl whether that serial is revoked. On Mon, 30 Aug 1999, Michael Ströder wrote: ssl wrote: below the cert info, you'll see the "Check Certificate Status" button, [..] By this method, the cert must have "nsRevocationUrl"

Re: CRL Question

1999-08-30 Thread Michael Ströder
ssl wrote: On Mon, 30 Aug 1999, Michael Ströder wrote: ssl wrote: below the cert info, you'll see the "Check Certificate Status" button, [..] By this method, the cert must have "nsRevocationUrl" pointing to a cgi to check it. This on-line certificate validation has