Dr Stephen Henson wrote:
>
> OpenSSL can still produce V1 CRLs. Even if you delete the whole crl_ext
> section it will still generate a V2 CRL. What you need to do is comment
> out the line:
> crl_extensions = crl_ext
> e.g. put a # at the start. When it sees that no crl extension section is
> na
Dr Stephen Henson wrote:
>
> Mario Fabiano wrote:
> >
> > Then I convert the CRL into other formats, like pkcs7 or DER, e.g.:
> > openssl crl -inform PEM -in $CurrCrl -outform DER -out $dwnlcrl
> ...
> Forget the other formats in my experience only a DER encoded CRL will
I run a my own demo CA based on openssl 0.9.2b and other stuff
(apache-mod_ssl and php3).
I am trying to load a CRL into a Netscape Communicator 4.06 or higher.
I get the CRL with the command:
openssl ca -gencrl -config $CrlConfig -out $CurrCrl -key $Password
Then I convert the CRL into o
