RE: Unable to load CRL

Radha krishna Meduri -X (radmedur - HCL at Cisco) Fri, 11 Dec 2009 04:29:38 -0800

Hi Patrick

We have one more update


[r...@acsxp-srv3 radha]# 
[r...@acsxp-srv3 radha]# /opt/CSCOacsxp/.system/openssl crl -in abcd.crl
-text
unable to load CRL
13202:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:642:Expecting: X509 CRL
[r...@acsxp-srv3 radha]# 
[r...@acsxp-srv3 radha]# /opt/CSCOacsxp/.system/openssl crl -inform DER
-in abcd.crl -text | more
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/DC=COM/DC=NWA/DC=PAD/O=Northwest Airlines
Inc/OU=PAD/CN=Northwest Airlines PAD Low Assurance Issuing CA
        Last Update: Sep 30 04:54:00 2009 GMT
<removed lower part>

If you observe first command I did not mentioned "-inform" switch which
failed to load but later command succeeded with that option. Why is it
so? Basically customer certificate was in DER format. If CRL was in DER
format, is it mandatory to mention "-inform DER" in the command line?

Thanks
Radhakrishna.


-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Radha krishna
Meduri -X (radmedur - HCL at Cisco)
Sent: Friday, December 11, 2009 5:19 PM
To: openssl-users@openssl.org
Subject: RE: Unable to load CRL


Hi Patrick Eisenacher

I converted this crl to PEM format which worked like charm. Is there any
restriction like CRL's should be in PEM for mat only?

Thanks
Radhakrishna. 

-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Eisenacher,
Patrick
Sent: Tuesday, December 08, 2009 5:51 PM
To: 'openssl-users@openssl.org'
Subject: RE: Unable to load CRL

Hi Radhakrishna,

-----Original Message-----
> From: owner-openssl-users On Behalf Of Radha krishna Meduri -X
> Sent: Tuesday, December 08, 2009 12:29 PM
> To: openssl-users@openssl.org
> Subject: Unable to load CRL
>
> I am not able to load the crl in text format and I am getting 
> following error while issuing following command "openssl crl -in
abcd.crl -text"
>
> unable to load CRL
> 28950:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:642:Expecting: X509 CRL
>
> Any idea what could be issue?

that means that abcd.crl has no proper PEM-encoding (base64 plus header
and footer). The error messages states that openssl can't find the
header. For more info about the header and footer, see
http://www.openssl.org/docs/apps/crl.html#NOTES

HTH,
Patrick Eisenacher
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

RE: Unable to load CRL

Reply via email to