Mike Auty wrote: > They > all listed the crl distribution point as > https://<hostname>/cgi-bin/pub/crl/cacrl.crl which gave a 404 error not > found page. I assume it should point to > https://<hostname>/pub/crl/cacrl.crl, and I located how to set this in > /usr/local/OpenCA/etc/openssl/ca-openssl.cnf & ra-openssl.cnf. My > question is, is this a problem in the default install or have I missed a > configuration option somewhere, what's causing the problem?
It is a problem in the default configuration and you must fix /usr/local/OpenCA/etc/openssl/extfiles/*.ext too. I fixed this problem in 0.9.1 RC1 (see the detailed CHANGES-file on our ftp-server). ftp://ftp.openca.org/pub/openca/developers/bell/snapshots/CHANGES The problem is that there is some software like F-Secure VPN+ which only supports http and ldap. So if you use OpenCA in a real world environment then I recommend you to use a LDAP-server for CRL-distribution too. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
