> pascal gachet schrieb: > > I m using a hierarchy of CA, with a CA root and two sub CA. There is a > big trouble when a sub CA issued a CRL, in fact there is the CN of the > root CA in the DN.Of course the application didn't reconize the > signature on the CRL.
We simply using OpenSSL to issue the CRL. You see what we are doing in src/modules/openca-openssl/OpenSSL.pm in sub issueCrl. This osunds like a bug of OpenSSL. OpenSSL has some problems with hierarchies. Can you try to issue the CRL with pure OpenSSL on the commandline (OpenCA-Directory/conf/openssl/ --> index.txt and serial, OpenCA-Directory --> cacert.pem and OpenCA-Directory/private/key.pem)? Cheers, Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany [OpenCA Core Developer] http://www.openca.org _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
