OK, maybe I'm confused. I can get the CRL to my client machine OK, that's not an issue. What I'm saying is, placing the CRLs into the local directory alone is not OK; the revocation check will not work. In order for that to work, I need to append the CRL to the root certificate in /etc/ssl/crls. So my question was, is there a way to get this to work (i.e., OpenSSL sees that the certificate sent by the server is revoked) without having the root certificate and CRL files appended together?

From: rs...@akamai.com
To: openssl-users@openssl.org
Date: Wed, 30 Jul 2014 15:34:57 -0400
Subject: RE: Can't get my CRL to work on my OpenSSL client

No, I'm saying that putting the CRLs into the local directory is okay, and OpenSSL will parse them. How you get them there is your issue :)

--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
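
An added example, not part of either message above: a self-contained check that a CRL kept as its own file in a trust directory is honoured, with the CA certificate and CRL never concatenated. It goes beyond what the thread states by relying on OpenSSL's hashed-directory lookup (`<issuer-hash>.0` for the CA, `<issuer-hash>.r0` for the CRL) and the `-crl_check` flag of `openssl verify`. It assumes the `openssl` CLI is on PATH; the CA, names and files are constructed for the demo.

```shell
# Constructed demo (all names made up): throwaway CA, one leaf cert, a CRL revoking it.
classify() {  # map `openssl verify` output to a short verdict
  case "$1" in
    *"certificate revoked"*) echo revoked ;;
    *"unable to get certificate CRL"*) echo no-crl ;;
    *": OK"*) echo ok ;;
    *) echo other ;;
  esac
}
crl_dir_demo() (
  d=$(mktemp -d) && cd "$d" || exit 2
  cat > demo.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[pol]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial
  {
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -subj "/CN=Demo Root" -days 30 -keyout ca.key -out ca.pem &&
    openssl req -config demo.cnf -newkey rsa:2048 -nodes -subj "/CN=server.example" -keyout srv.key -out srv.csr &&
    openssl ca -batch -notext -config demo.cnf -cert ca.pem -keyfile ca.key -in srv.csr -out srv.pem &&
    openssl ca -config demo.cnf -cert ca.pem -keyfile ca.key -revoke srv.pem &&
    openssl ca -config demo.cnf -cert ca.pem -keyfile ca.key -gencrl -out crl.pem
  } >/dev/null 2>&1 || exit 2
  mkdir trust
  cp ca.pem "trust/$(openssl x509 -in ca.pem -noout -hash).0"    # directory holds the CA only
  a=$(classify "$(openssl verify -crl_check -CApath trust srv.pem 2>&1)")
  cp crl.pem "trust/$(openssl crl -in crl.pem -noout -hash).r0"  # CRL added as its own file
  b=$(classify "$(openssl verify -CApath trust srv.pem 2>&1)")   # revocation checking not requested
  c=$(classify "$(openssl verify -crl_check -CApath trust srv.pem 2>&1)")
  rm -rf "$d"
  echo "$a $b $c"
)
crl_dir_demo  # prints: no-crl ok revoked
```

The middle verdict shows that a CRL sitting in the directory has no effect until revocation checking is requested, so a client that never sets the CRL-check flag will accept the revoked certificate regardless of file layout.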