Hello,

recently I obtained a free certificate from DGN (German Health Net) for signing e-mails. I imported the p12 file with gpgsm into my keybox and added the complete certificate chain to ~/.gnupg/trustlist.txt.

When I try to sign or encrypt, I get the following error:

$ gpgsm --armor --sign testfile.txt
gpgsm: certificate not found: No public key
gpgsm: certificate #410FE63506C68DDF/CN=dgnservice CA 2 Type E:PN,O=DGN Deutsches Gesundheitsnetz Service GmbH,C=DE
gpgsm: checking the CRL failed: Not found
gpgsm: error creating signature: Not found

It only works if I disable CRL checking with option --disable-crl-checks, which is not such a good idea, I guess.

The CA provides only an LDAP URI for getting the revocation list. Root and intermediate certificates can be downloaded here: https://www.dgn.de/dgncert/downloads.html

`gpgsm --dump-chain' presents me the following URI:

crlDP: ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint

Now my question is whether the LDAP server is down, the URI incomplete or wrong, or whether the problem is on the GPG end. On the other hand, I cannot imagine that a wrong LDAP URI remains unnoticed by non-GPG users. I know nothing about LDAP and how to test such a URI. What can I do?

I am using gnupg-2.4.0 and I double checked that it was compiled with LDAP support.

Alex

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
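
One way to test the crlDP URI from the message above independently of gpgsm, as an added example that is not part of the original post: the sketch splits the LDAP URL into its RFC 4516 fields and builds the matching query for OpenLDAP's `ldapsearch`. The function names are hypothetical, and it assumes `ldapsearch` is installed and that the server permits an anonymous simple bind.

```python
import shlex
from urllib.parse import urlsplit, unquote

# crlDP value as printed by `gpgsm --dump-chain` in the message above.
CRL_DP = ("ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,C=DE"
          "?certificateRevocationList?base?objectClass=cRLDistributionPoint")

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516): scheme://host:port/dn?attrs?scope?filter?ext"""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError("LDAP URL names no server; the client would need a default")
    # Fields after the DN are separated by '?'; missing ones take RFC defaults.
    fields = [unquote(f) for f in parts.query.split("?")] if parts.query else []
    fields += [""] * (4 - len(fields))
    attrs, scope, flt = fields[0], fields[1] or "base", fields[2] or "(objectClass=*)"
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"unknown scope {scope!r}")
    if not flt.startswith("("):
        flt = f"({flt})"  # this crlDP carries its filter without parentheses
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return {
        "server": f"{scheme}://{host}:{parts.port or DEFAULT_PORTS[scheme]}",
        "base_dn": unquote(parts.path.lstrip("/")),  # %20 becomes a space
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope,
        "filter": flt,
    }

def ldapsearch_command(url):
    """Build the equivalent ldapsearch call (-x: anonymous simple bind, assumed)."""
    u = parse_ldap_url(url)
    argv = ["ldapsearch", "-x", "-H", u["server"], "-b", u["base_dn"],
            "-s", u["scope"], u["filter"], *u["attributes"]]
    return shlex.join(argv)

if __name__ == "__main__":
    for key, value in parse_ldap_url(CRL_DP).items():
        print(f"{key:10} {value}")
    print(ldapsearch_command(CRL_DP))
```

Running the printed command shows which layer fails: a connection error points at the server or network, while an empty result for the base DN points at the entry or attribute named in the URI.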