Hi Kristian,
On Mon, 24 Nov 2014 21:40:22 +0100, Kristian Fiskerstrand
<kristian.fiskerstr...@sumptuouscapital.com> wrote:
For 2.1 you need the following in dirmngr.conf:
hkp-cacert /path/to/sks-keyservers.netCA.pem
instead of
keyserver-options
ca-cert-file="C:/Users/<username>/AppData/Roaming/gnupg/sks-keyservers.netCA.crt"
OK, so: sks-keyservers.netCA.crt is a PEM encoded (...BEGIN
CERTIFICATE...END CERTIFICATE...) certificate and is hardlinked to
sks-keyservers.netCA.pem . The files are located in %appdata%/gnupg/ .
In dirmngr.conf I have the following line:
hkp-cacert
"C:/Users/<username>/AppData/Roaming/gnupg/sks-keyservers.netCA.pem"
In gpg.conf I have also the following line:
keyserver-options
ca-cert-file="C:/Users/hinterberger.h/AppData/Roaming/gnupg/sks-keyservers.netCA.crt"
This means I have both options set => no change: No keyserver available.
I commented out the line in gpg.conf => still no change.
Pinging the keyserver works.
Hmm... I just tried to:
wget --certificate=sks-keyservers.netCA.pem
"https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0x8BCF070743176C6A";
and I got:
OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
OpenSSL: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Disabling SSL due to encountered errors.
OK, using "--ca-certificate" instead of "--certificate" worked, so the
network seems to be OK.
gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-key
0x8BCF070743176C6A
gpg --keyserver https://hkps.pool.sks-keyservers.net --recv-key
0x8BCF070743176C6A
Both fail. Using hkp, on the other hand, works.
Regards,
Hugo
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
