Re: CRL for server certificates

Thu, 01 Feb 2001 09:42:15 -0800 

Here's what you need to do to load CRLs into your Netscape browser:

You need to put the CRL in binary (DER) format on your Web site with a link to
this CRL.  For example,

      openssl crl -in crl.pem -outform DER -out crl.der

Next, you need to define the MIME type for the CRL (Content-Type
application/x-pkcs7-crl)

Point your browser to the hypertext link containing the CRL.  The browser will
automatically install the CRL.

To verify it was installed (there's no indication that it was installed), click
on the Security tab and select Signers.  You should see a new button called
View/Edit CRLs

Lorrayne


Min Sheng Lu wrote:

> I though so as well but I cannot find any optionn in Netscape 4.7 to set
> that. In IE there is a "check server certificate revocation" under internet
> options but presumably this only checks CRL of known CA's. Anyone know how
> to configure browsers to check CRLs of arbitrary CAs or how do CAs maintain
> publicly accessible CRLs.
> thanks for any help.
> min
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Weijgers
> > Sent: Thursday, February 01, 2001 12:33 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CRL for server certificates
> >
> >
> > Hi,
> >
> > >     How does one point a browser to a CA's CRL so that it can check is a
> > > server's certificate has been revoked? Looking through documentation for
> > > Apache and mod_ssl all mention of CRLs seems to be incontext of *client
> > > certificate authentication* and no mention is made of "server
> > certificate
> > > authentication* by the client browser using CRLs.
> >
> > I suspect this has to be configured on the browser side rather than on the
> > server side.
> >
> > Cheers,
> >
> > Simon
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to