Hi there: On 2010-11-12, at 12:04 PM, Per Jessen wrote:
> I've discovered that Microsoft Exchange 2007, presumably also 2010, > expects to have/check a CRL when setting up TLS for an SMTP connection. > So far, I have not found a way to disable this check. > > Our root CA does not have a 'crlDistributionPoints' setting, is it > possible to add this without having to re-issue the CA? crlDistribution point goes in End Entity certificates - (Server or User certificates), so you don't have to touch anything in the Root CA, you just have to include the CRL DP in the certificate that you issue to your servers. Have fun! --- Patrick Patterson Chief PKI Architect Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
