"Krause, Helga" <[EMAIL PROTECTED]> writes: > Hello, > > I also tried your way of crl-checking and failed too although the > issuer names of the cert and the crl were the same. > > But the other way with the option -CApath succeeded. > Here are the steps I was performing: > > - RootCert.pem and RootCrl.pem must be in the same directory (i.e.: > ../certs) > - execute the script c_rehash (in directory ../openssl/bin or ../tools) > to the directory ../certs: > > ./c_rehash ../certs > > Then you get symbolic links in the directory ../certs between your > RootCert.pem and RootCrl.pem (hash of issuer dn) > > - verifying: > openssl verify -CApath ../certs/ -crl_check UserCert.pem > The answer should be: > UserCert.pem: OK > > I hope that helps. > Helga > And thank you for your help, Stephen Henson. > Sorry for the error in German...
I have it working now. I never really did understand c_rehash. I had just appended the CRL to the certifikat (with name hashed.0), but thats fixed bow :-) Kind regards, -- stud. scient. Arne Jørgensen Kollegium 5, 2., v. 222, Universitetsparken, 8000 Århus C tlf: 89 42 72 22, mobil: 21 65 01 13 e-post: [EMAIL PROTECTED], <http://www.daimi.au.dk/~arne/> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
