I have it working with the Thunderbird extension. I couldn't be more
embarrassed or apologetic because it was a stupid error on my side that
was causing the issue. I had created templates for all the CAs in my
certificate chain but when I copied them I forgot to change the "CRL
Distribution Point" so every CA certificate was pointing to the same
CRL... idiot. That said though, I cannot believe that Firefox, cURL,
and IE were happily validating my certificate all the while not being
able to retrieve a valid CRL. (I can maybe understand the browsers not
wanting to break https just because a CRL server is overloaded for a few
seconds [but then what's the point of CRL checking at all?] but I'm
surprised at cURL's behaviour).

The only strange thing is that the wx-dl client still gives me the same
error. I assume it's caching the certificate somewhere, right? I'm not
going to use the client but I can still check this more if you'd like.

Anyway, this was totally my fault and I really appreciate the time you
took to try and help me. (I can't believe my name is permanently
attached to this thread...)
--
Mark