httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sg4all <sg4...@gmail.com>
Subject [users@httpd] crl has expired problem.
Date Thu, 06 Nov 2008 14:49:25 GMT
Hi all,

I'm trying to implement CRL validation on apache 2.0.54. (More exactly, I
use the eID reverse proxy from the belgian government)

First I downloaded the CRLs from crl.eid.belgium.be. I added the
SSLCARevocationPath directive to ssl.conf.

* First question: How can I create the 'hash' symlinks for each CRL file
(there are a lot of them)? In my installation, there is no makefile in the
ssl.crl folder...


Anyway, even without symlinks, apache seems to find the CRLs. However,
authentication does not work. The debug shows: [error] Certificate
Verification: Error (12): CRL has expired.



In a second try I wanted to convert the DER-encoded CRLs to a pem file. I
converted every file using openssl crl -in $i -inform DER -outform PEM -out
temp.pem and I've put them in one file. I then used the SSLCARevocationFile
directive in SSL.conf. It gave the "CRL has expired" error.


Does anyone know how to solve this problem? (preferably by using the normal
CRLs and not having to convert them to PEM encoded files...

thanks!
Steven

Mime
View raw message