Darren Reed wrote:
>
> IE5 appears to insist on adding a number (01, etc) on the end of the
> Netscape CA Revocation Url and if not present, reports an error about
> not being able to verify the user because it can't get a CRL.
>
This is correct behaviour. See:
http://home.netscape.com/eng/sec
To try and keep IE all nice and happy, I've included CRL URLs in
some certs I'm generating. For fun (NOT!) I've used different
extensions in the CA cert and the "user" cert:
CA:
    X509v3 extensions:
        X509v3 CRL Distribution Points:
            URI:http://www/myca.crl
Use