1. Add CRL
The doc says you can add CRL in the "Manage CRL" window,
but I do not see any button/etc that allows me to do so
from there.
The document is incorrect then. You need to click to download the CRL from a web page that sends it with the mime type : application/pkix-crl
Then you will be able to edit the fields of the CRL Manager to change every option about how to download it in the future.
2. Using the OCSP -- Assuming that I generate my own
certificate using a tool like openssl, where do I specify
an OCSP URL field in an X509 certificate?
The format is described in paragaph 3.1 of RFC 2560. But you'd better try some openssl specialist (that's not here!) for an exemple of the correct instruction to put in the configuration file.
Don't forget you need to change the default configuration of Mozilla to check OCSP status when the field is available.
You should know also Mozilla is not able to access OCSP responder through a proxy (both PSM and NSS lack the necessary provision to make the download work with a proxy).
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
