Hi all, I am just worling on a certificate profile an I need to include a cdp in the following form:
ldap://my.company.com/CN=Name,OU=Department,O=Company,C=DE?certificateRevocationList So the cdp should point to the crl in a directory on a certain server and the access protocal is ldap. >From the attached email I learnd that the commas in the directory string will >cause problems! But how is it done correct? How do I have to write the section mentioned below? All my tries result in messages like this: Error Loading extension section v3_ca 4461:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:432: 4461:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=crlDistributionPoints, value=cdp_sect Best regards Thomas > -----Ursprüngliche Nachricht----- > Von: Dr. Stephen Henson [mailto:[EMAIL PROTECTED] > Gesendet: Sonntag, 5. September 2004 21:46 > An: openssl-users@openssl.org > Betreff: Re: Query on CRL distribution point > > On Sun, Sep 05, 2004, pijush koley wrote: > > > Hi! > > I want to setup a test CA using OpenSSL. So I configured > openssl.cnf > > file according to my environment. Then I executed following command > > > > CA.pl -newca > > > > This gave an error and it indicated that following line > produced an error. > > > > crlDistributionPoints = URI:ldap://<server > > IP>:<port>/CRLObjID=CRLPoint,o=domain > > > > Than I changed this line to > > > > crlDistributionPoints = URI:http://<server IP>:<port>/TestCRL/ > > > > and this time whole setup worked fine. > > Can anybody please tell me why crlDistributionPoints failed > to take an URI started with "ldap"? > > > > Yes its the embedded comma. If you need a comma then use the > alternative @section format mentioned in doc/openssl.txt > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see > homepage OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
