Don't know whether it helps :
comment out the line :
crl_extensions = crl_ext
and the [crl_ext] section.
On Fri, 2 Jul 1999, Sergio Rabellino wrote:
> ssl wrote:
> >
> > Sure it can, like my openssl.cnf :
> >
> > crlDistributionPoints=URI:http://sgiinda.csc.cuhk.edu.hk/1.crl
> >
> > need not be https because the crl is signed by CA.
> > And pretty good checked by IE and outlook express, if you
> > click the check box "Check for server certificate revocation" in IE.
> >
> > On Tue, 29 Jun 1999, Heber Jorge Ramos Brandao wrote:
> >
> > > Hi all,
> > >
> > > Is it possible to include the extension OID: 2.5.29.31
> > > (CRLDistributionPoints) on openssl.cnf ? It seems that this extension
> > > can hold an URL that points to the certificate issuer's CRL, or it can
> > > be used as an CA extension, holding the pointer to its CRL.
> > >
> > > Does anyone could tell me if it is possible to include it?
> > >
> > > Heber Brandao.
> > > [EMAIL PROTECTED]
>
> I've tested your solution, but during the signing phase I got a
>
> "unable to pack the crlDistributionPoints extension"
>
> and exit ....
> Any Hints?
> --
> Dott. Sergio Rabellino
>
> Technical Staff
> Department of Computer Science
> University of Torino (Italy)
> Member of the Internet Society
>
> http://www.di.unito.it/~rabser
> Tel. +39-0116706701
> Fax. +39-011751603
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
