I have it working with the Thunderbird extension. I couldn't be more embarrassed or apologetic because it was a stupid error on my side that was causing the issue. I had created templates for all the CAs in my certificate chain but when I copied them I forgot to change the "CRL Distribution Point" so every CA certificate was pointing to the same CRL.....idiot. That said though, I cannot believe that Firefox, cURL, and IE were happily validating my certificate all the while not being able to retrieve a valid CRL. (I can maybe understand the browsers not wanting to break https just because a CRL server is overloaded for a few seconds [but then what's the point of CRL checking at all?] but I'm surprised at cURL's behaviour).

The only strange thing is that the wx-dl client still gives me the same error. I assume it's caching the certificate somewhere, right? I'm not going to use the client but I can still check this more if you'd like.

Anyway, this was totally my fault and I really appreciate the time you took to try and help me. (I can't believe my name is permanently attached to this thread...)


Reply via email to