Hello everybody I have such a problem. I created following certificate for ROOT CA, then for subordinary CA and at the end certificate too for end entity. Then I concated CAs certificate and relevant CRLs(empty for this time) into one files "CertsAndCrls.pem" and i tried verify end-entity certificate(testcert.crt) in subordinary CA with result O:OK. - its OK
for verification Im using command "openssl verify -CAFile CertsAndCrls.pem -crl_check testcert.crt When I revoke end-entity certificate by subordinary and regenerate the CAFile the result is :error 23 at 0 depth certificate revoked, what I expect. But when I revoke subordinary CA by Root Ca and I again verify end entity,the result is O:ok but I expect some error as error 23 at 1 depth certificate revoked. I don't know whether the OPENSSL performs the CRL checking in whole chain. Can somebody help me mail [EMAIL PROTECTED] Thanks " But when I want to revoked the certificate Next I concated These certificate and crls intoone file for verification via openssl. Now I want to verify end entity cetificate b -- View this message in context: http://www.nabble.com/NO-crl-checking-in-whole-chain-tf3607000.html#a10077334 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
