Re: CRL with OpenSSL

To: Emmanuel Dreyfus <manu@netbsd.org>

Subject: Re: CRL with OpenSSL

From: Erwann Abalea <eabalea@gmail.com>

Date: Mon, 14 Apr 2014 21:22:33 +0200

Cc: Christian Kratzer <ck@cksoft.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=nKBNPMRg9BkX3rY2qWMaSmnkJMYu6nZ64FsCstUt/H8=; b=T1t/6jU9KxqGxWXuQqHZeEmDUCOP6PmxZNrAZBpqT2jgVxhu+kSg8UavKH4hFZgYso 8d4cZfUt3/LclO+864Nfci7q7V6SXlu3esm+4jd6tI0MqscSwESzdCmZQTW2HKSsDNYd zLbVLtrkcfhsxFf54jaumtCjbHbBeOFWYSmSO2uZyf6NM96U/PRU8yn5U2z1rdOEv7vH xE3ru7yMnEN21KnPUamIQsT/IC84dL4eVMTxcoogBDW1x3gxMJ4dlqls4L36oZM84cff evyKY/6vFvxalGVmKcFOT8OyWpFxHMuJWOg7gSd4oEp8DuycJU4Xz7zNQX+Jo05A9Q+I jRew==

In-reply-to: <1lk40jn.1x289p577orb4M%manu@netbsd.org>

References: <CA+i=0E6T6Spmv-5wza0aMZ59h0fm3ZaQwqF=F8gZNdAyMsZQAA@mail.gmail.com> <1lk40jn.1x289p577orb4M%manu@netbsd.org>

Now you've got another problem. Why do you have 2 different CAs with the same private key?

It's getting more off-topic, sorry.

2014-04-14 20:23 GMT+02:00 Emmanuel Dreyfus <manu@netbsd.org>:

Erwann Abalea <eabalea@gmail.com> wrote:

> It considers that the CRL found at "hash".r0 isn't valid or sufficient to
> give a revocation status of your certificate.
> Could you post the subscriber certificate, its issuing CA cert, and the
> corresponding CRL somewhere?

I found the problem: it was not signed by the right CA (same private
key, different cert)

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

--
Erwann.

Follow-Ups:

Re: CRL with OpenSSL
- From: manu@netbsd.org (Emmanuel Dreyfus)

References:

Re: CRL with OpenSSL
- From: Erwann Abalea <eabalea@gmail.com>
Re: CRL with OpenSSL
- From: manu@netbsd.org (Emmanuel Dreyfus)