Hi,
In the same linux box, I've installed a root CA+RA and a second level
CA+RA. (Both openca 0.9.0-2)
It runs fine, but issuing a CRL, (composed of just one revoked cert), from
second level CA, it happens the following:
1. The CRL issuer Distinguished Name is the DN from the root CA, not the DN
from the second level CA,(I supose it is wrong, the issuer DN should be the
second level CA).
2. The signature of the CRL is done through the private key of the second
level CA, (right)
After this, I've downloaded the CRL to Netscape Communicator 4.78, but the
browser complains because the CRL signature is wrong. Thus, the importation
is not done.
I've also donwloaded the CRL to Microsoft IE v6. Once the cacrl.crl file is
in my hard disk, I've imported it through the certificate import wizard and
the importation finishes sucessfully. (Really I don't know if it is the
right way to import a CRL to IE. After the success import I don't konw
where to see the CRL inside IE).
Regards.
------------------------------------------------------------------
This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SchlumbergerSema.
If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.
------------------------------------------------------------------
-------------------------------------------------------
This sf.net emial is sponsored by: Influence the future of
Java(TM) technology. Join the Java Community Process(SM) (JCP(SM))
program now. http://ad.doubleclick.net/clk;4699841;7576301;v?
http://www.sun.com/javavote
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
