https://bugzilla.novell.com/show_bug.cgi?id=346536
User [EMAIL PROTECTED] added comment https://bugzilla.novell.com/show_bug.cgi?id=346536#c11 --- Comment #11 from Sebastien Pouliot <[EMAIL PROTECTED]> 2007-12-14 13:39:36 MST --- ok, while *online* isn't yet supported, it can works if it finds a local copy of the CRL installed (same for offline). This means that I can get everything working with the original source code if the configuration is right. GOOGLE CERT VALID: True CHAIN VALID: True Subject: CN=www.google.com, O=Google Inc, L=Mountain View, S=California, C=US === Subject: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA === Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US === True This requires to (a) changes to machine.config for MD2 (see previous comments) (b) downloading the intermediate CA CRL (URL is available in the google cert) wget http://crl.thawte.com/ThawteSGCCA.crl (c) install the CRL into the CA store certmgr -add -crl CA c:\temp\ThawteSGCCA.crl (d) downloading the root CA CRL (URL is available inside the Thawte cert) wget http://crl.verisign.com/pca3.crl (e) install the CRL into the Trust store certmgr -add -crl Trust c:\temp\pca3.crl Once you know the url it's possible to create a script to update them, since they have an expiration date. Don't you love PKIX simplicity ? I can't imagine the joys of the full x.509 feature set ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
