On Wed, Feb 26, 2003, [EMAIL PROTECTED] wrote: > > Hi, > > Do you know if there is any mean to include a CRL into a PKCS#12 file using > openssl tool ? > > I tried to pass the CRL file in the '-certfile' option of 'openssl pkcs12' but > when I dumped the file, I could not see the CRL... > I also tried to convert the CRL with 'crl2pkcs7' then pass the file to > '-certfile' option of 'openssl pkcs12'. Same result ;-(. > > Thanks, > > PS: the CRL is generated with openssl > PS2: the client software does not support 'crlDistributionPoints' feature. >
Standards do exist for adding CRLs to PKCS#12 files and some of the macros and code is in OpenSSL its just not in any of the utilities (yet). How useful this would be depends on whether the client software will recognize the CRL in the PKCS#12 file. It would only establish the validity of the certificate at the time it was imported in any case, some mechanism would still be required to periodically check revocation. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
