Hello, openssl verify -CAfile root.pem -untrusted issuer.pem srvr.pem gives this output srvr.pem: OK but openssl verify -CAfile root.pem -crl_check -untrusted issuer.pem srvr.pem gives this: srvr.pem: C = US, OU = Domain Control Validated, CN = revoked.grc.com error 3 at 0 depth lookup:unable to get certificate CRL and doing this: openssl verify -CAfile root.pem -crl_check issuer.pem gives a similar result issuer.pem: C = BE, O = GlobalSign nv-sa, CN = GlobalSign Domain Validation CA - G2 error 3 at 0 depth lookup:unable to get certificate CRL the used certificate for these command-line samples are attached ... (the SSL/TLS certificate and the whole chain of revoked.grc.com) please, can someone tell me how to check the CRL of certificate using openssl command-line? Thanks, Walter -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: root.pem URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0003.ksh> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: issuer.pem URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0004.ksh> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: srvr.pem URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0005.ksh> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4312 bytes Desc: S/MIME Cryptographic Signature URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0001.bin>
