CRLs are signed by the CA certificate whose subsidiary certificates
are mentioned (or not) in the CRL. So a CRL is verified just like
any other signed document. You need any certificates in the chain,
which may or may not be supplied along with the CRL, see PKCS#7
format and/or the
openssl crl2pk
After revoking the certificate, you didnt generate the CRL file.
First generate the CRL file and then ckeck.
cheers,
Ravi Prakash B.V.
On Wed, 17 Oct 2001, Juan Carlos Albores Aguilar wrote:
> Hi, i'm using openssl and i've created my own CA so i can sign certificates,
>revocate them and eve
ssl wrote:
>
> On Mon, 30 Aug 1999, Michael Ströder wrote:
>
> > ssl wrote:
> > >
> > > below the cert info, you'll see the "Check Certificate Status" button,
> > > [..]
> > > By this method, the cert must have "nsRevocationUrl" pointing
> > > to a cgi to check it.
> >
> > This on-line certifica
Ah yes, getting confused.
rather, the cgi should check the crl whether that serial is revoked.
On Mon, 30 Aug 1999, Michael Ströder wrote:
> ssl wrote:
> >
> > below the cert info, you'll see the "Check Certificate Status" button,
> > [..]
> > By this method, the cert must have "nsRevocationUrl
