Hi all,

I'm trying to implement CRL validation on Apache 2.0.54. (More exactly, I
use the eID reverse proxy from the Belgian government.)

First I downloaded the CRLs from crl.eid.belgium.be. I added the
SSLCARevocationPath directive to ssl.conf.

* First question: How can I create the 'hash' symlinks for each CRL file
(there are a lot of them)? In my installation, there is no makefile in the
ssl.crl folder...


Anyway, even without symlinks, Apache seems to find the CRLs. However,
authentication does not work. The debug shows: [error] Certificate
Verification: Error (12): CRL has expired.



In a second try I wanted to convert the DER-encoded CRLs to a pem file. I
converted every file using openssl crl -in $i -inform DER -outform PEM -out
temp.pem and I've put them in one file. I then used the SSLCARevocationFile
directive in SSL.conf. It gave the "CRL has expired" error.


Does anyone know how to solve this problem? (preferably by using the normal
CRLs and not having to convert them to PEM encoded files...)

Thanks!
Steven
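
The following is an added example, not part of the original message: shell functions that read each downloaded CRL's nextUpdate field (the condition behind error 12, "CRL has expired"), write the CRL as PEM and create the `<hash>.rN` symlink used by a hashed revocation directory. It assumes the `openssl` command-line tool and GNU `date`; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical. Needs openssl and GNU date.

# Print PEM or DER depending on whether the file carries a PEM CRL header.
crl_form() {
    if grep -q -- '-----BEGIN X509 CRL-----' "$1"; then echo PEM; else echo DER; fi
}

# Exit 0 if nextUpdate is in the past, 1 if still valid, 2 if it cannot be read.
crl_is_expired() {
    next=$(openssl crl -in "$1" -inform "$(crl_form "$1")" -noout -nextupdate) || return 2
    next=${next#nextUpdate=}
    [ "$next" = NONE ] && return 2
    next_s=$(date -u -d "$next" +%s) || return 2
    [ "$next_s" -le "$(date -u +%s)" ]
}

# install_crl SRC DIR: write SRC as PEM into DIR and link it as <issuer-hash>.rN.
# Prints the link name. Expired or unreadable CRLs are refused.
install_crl() {
    src=$1; dir=$2; rc=0
    crl_is_expired "$src" || rc=$?
    case $rc in
        0) echo "expired, refresh it first: $src" >&2; return 1 ;;
        1) ;;
        *) echo "cannot parse: $src" >&2; return 2 ;;
    esac
    base=$(basename "$src")
    pem="$dir/${base%.*}.pem"
    openssl crl -in "$src" -inform "$(crl_form "$src")" -outform PEM -out "$pem" || return 2
    # The hash algorithm differs between OpenSSL generations, so use the
    # openssl binary that matches the library Apache is linked against.
    hash=$(openssl crl -in "$pem" -noout -hash) || return 2
    n=0
    while [ -e "$dir/$hash.r$n" ] || [ -L "$dir/$hash.r$n" ]; do
        if [ "$(readlink "$dir/$hash.r$n")" = "${base%.*}.pem" ]; then
            echo "$hash.r$n"; return 0    # already linked on an earlier run
        fi
        n=$((n + 1))
    done
    ln -s "${base%.*}.pem" "$dir/$hash.r$n" && echo "$hash.r$n"
}

# Usage (placeholder paths):
#   for f in /path/to/downloaded/*.crl; do install_crl "$f" /path/to/ssl.crl; done
```

A CRL that is refused as expired has to be downloaded again from its distribution point; re-encoding the same file does not change its nextUpdate.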
