Hi Radhakrishna, > -----Original Message----- > From: owner-openssl-us...@openssl.org On Behalf Of Radha krishna Meduri -X > (radmedur - HCL at Cisco) > > > > Hi Patrick > > We have one more update > > [r...@acsxp-srv3 radha]# > [r...@acsxp-srv3 radha]# /opt/CSCOacsxp/.system/openssl crl > -in abcd.crl > -text > unable to load CRL > 13202:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:642:Expecting: X509 CRL > [r...@acsxp-srv3 radha]# > [r...@acsxp-srv3 radha]# /opt/CSCOacsxp/.system/openssl crl > -inform DER > -in abcd.crl -text | more > Certificate Revocation List (CRL): > Version 2 (0x1) > Signature Algorithm: sha1WithRSAEncryption > Issuer: /C=US/DC=COM/DC=NWA/DC=PAD/O=Northwest Airlines > Inc/OU=PAD/CN=Northwest Airlines PAD Low Assurance Issuing CA > Last Update: Sep 30 04:54:00 2009 GMT > <removed lower part> > > If you observe first command I did not mentioned "-inform" > switch which > failed to load but later command succeeded with that option. Why is it > so?
Because your CRL is DER-encoded, but you tell openssl that it is PEM-encoded (the default). > Basically customer certificate was in DER format. Only the format of your CRL is of interest here. > If CRL was in DER > format, is it mandatory to mention "-inform DER" in the command line? That's what I wrote in my last mail. Please check again my answer and the documentation. Cheers, Patrick Eisenacher > -----Original Message----- > From: owner-openssl-us...@openssl.org On Behalf Of Radha krishna Meduri -X > (radmedur - HCL at Cisco) > > > Hi Patrick Eisenacher > > I converted this crl to PEM format which worked like charm. > Is there any > restriction like CRL's should be in PEM for mat only? > > Thanks > Radhakrishna. > > -----Original Message----- > From: owner-openssl-us...@openssl.org On Behalf Of Eisenacher, Patrick > > Hi Radhakrishna, > > -----Original Message----- > > From: owner-openssl-users On Behalf Of Radha krishna Meduri -X > > > > I am not able to load the crl in text format and I am getting > > following error while issuing following command "openssl crl -in > abcd.crl -text" > > > > unable to load CRL > > 28950:error:0906D06C:PEM routines:PEM_read_bio:no start > > line:pem_lib.c:642:Expecting: X509 CRL > > > > Any idea what could be issue? > > that means that abcd.crl has no proper PEM-encoding (base64 > plus header > and footer). The error messages states that openssl can't find the > header. For more info about the header and footer, see > http://www.openssl.org/docs/apps/crl.html#NOTES > > HTH, > Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
