crl has expired problem.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: crl has expired problem.
From: sg4all <sg4all@xxxxxxxxx>
Date: Thu, 6 Nov 2008 15:49:25 +0100
Reply-to: users@xxxxxxxxxxxxxxxx

Hi all,

I'm trying to implement CRL validation on apache 2.0.54. (More exactly, I use the eID reverse proxy from the belgian government)

First I downloaded the CRLs from crl.eid.belgium.be. I added the SSLCARevocationPath directive to ssl.conf.

* First question: How can I create the 'hash' symlinks for each CRL file (there are a lot of them)? In my installation, there is no makefile in the ssl.crl folder...

Anyway, even without symlinks, apache seems to find the CRLs. However, authentication does not work. The debug shows: [error] Certificate Verification: Error (12): CRL has expired.

In a second try I wanted to convert the DER-encoded CRLs to a pem file. I converted every file using openssl crl -in $i -inform DER -outform PEM -out temp.pem and I've put them in one file. I then used the SSLCARevocationFile directive in SSL.conf. It gave the "CRL has expired" error.

Does anyone know how to solve this problem? (preferably by using the normal CRLs and not having to convert them to PEM encoded files...

thanks!
Steven

Prev by Date: Re: htaccess redirect URL fragment problem with Safari browser
Next by Date: Re: httpd 2.2.10 mod_proxy bug?
Previous by thread: modsecurity headaches
Next by thread: request header insertion issue
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]