Hello! I have a problem verifying a certificate against a CRL file. The situation is:

1) The CA which I use has 2 certificates: one is the old certificate, which is still not expired, and the second is the new certificate (because the CA renewed its own certificate).
2) Therefore, there are 2 CRLs (one for each CA certificate).

I downloaded all the files. I have these files in one directory:

    CAcert1.pem (old cert CA)
    CAcert2.pem (new cert CA)
    CAcrl1.pem (crl list to CAcert1.pem)
    CAcrl2.pem (crl list to CAcert2.pem)

I use the c_rehash perl script to make symbolic links to all those files. Because they are certificates of the same CA, all hash values are the same. So I have symbolic links, for example:

    f1467c63.0 to CAcert1.pem (old cert CA)
    f1467c63.1 to CAcert2.pem (new cert CA)
    f1467c63.r0 to CAcrl1.pem (crl list to CAcert1.pem)
    f1467c63.r1 to CAcrl2.pem (crl list to CAcert2.pem)

And I have a client certificate issued by the CA and signed by CAcert2.pem. I tried to verify the client certificate using the command:

    openssl verify -crl_check -CApath path_to_directory_with_link clientcert.pem

I get the error "CRL signature failure", because openssl always tries to use the link (in this case) f1467c63.r0 to verify, and in this case it should use f1467c63.r1.

I have a client certificate issued by the CA and signed by CAcert1.pem too. When I tried to verify this client certificate using the command:

    openssl verify -crl_check -CApath path_to_directory_with_link clientcert.pem

everything is OK.

Does anybody know what to do to verify all certificates? I have to have the possibility to verify certificates signed by CAcert1.pem and CAcert2.pem.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
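
A diagnostic sketch for the situation described above, added here and not part of the original post: it builds a constructed demo CA that was renewed under the same subject name, shows that both certificates and both CRLs share one name hash, and reports which CA certificate's key actually signed each CRL. The `Demo CA` subject, the temporary directory and all function names are assumptions; only the `CAcert*.pem` / `CAcrl*.pem` file names follow the post.

```shell
#!/bin/sh
# Added example; the demo CA, its subject and all function names are constructed.

# Build a CA renewed with a new key under the same subject, plus one CRL per
# CA certificate (mirrors CAcert1/2.pem and CAcrl1/2.pem from the post).
build_demo() {
    d=$1
    : > "$d/index.txt"
    printf '[ca]\ndefault_ca=demo\n[demo]\ndatabase=%s/index.txt\ndefault_md=sha256\n[req]\ndistinguished_name=dn\n[dn]\n' "$d" > "$d/ca.cnf"
    for n in 1 2; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
            -config "$d/ca.cnf" -keyout "$d/CAkey$n.pem" -out "$d/CAcert$n.pem" 2>/dev/null
        openssl ca -gencrl -config "$d/ca.cnf" -crldays 30 -keyfile "$d/CAkey$n.pem" \
            -cert "$d/CAcert$n.pem" -out "$d/CAcrl$n.pem" 2>/dev/null
    done
}

# Name hash that c_rehash uses for link names: subject for a cert, issuer for a CRL.
name_hash() {
    case ${1##*/} in
        CAcrl*) openssl crl -in "$1" -noout -hash ;;
        *)      openssl x509 -in "$1" -noout -hash ;;
    esac
}

# True only if the CRL's signature verifies under this CA certificate's key.
# Matches the "verify OK" status text rather than relying on the exit code.
crl_signed_by() {
    openssl crl -in "$1" -CAfile "$2" -noout 2>&1 | grep -q 'verify OK'
}

# Print "crl<TAB>cert" for each CRL/CA pair in the directory whose signature verifies.
match_crls() {
    for crl in "$1"/CAcrl*.pem; do
        for ca in "$1"/CAcert*.pem; do
            crl_signed_by "$crl" "$ca" && printf '%s\t%s\n' "${crl##*/}" "${ca##*/}"
        done
    done
    return 0
}

demo=$(mktemp -d)
build_demo "$demo"
for f in "$demo"/CAcert*.pem "$demo"/CAcrl*.pem; do
    printf '%s  %s\n' "$(name_hash "$f")" "${f##*/}"   # one hash for all four files
done
match_crls "$demo"
```

Calling `match_crls` on a real directory whose files follow the same naming shows which `.rN` link belongs with which `.N` link before running `openssl verify -crl_check`.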