There were at minimum two other guys who reported this problem. The reason is really simple. The Microsoft client tries to verify the state of the webserver certificate before downloading the CRL, but the client needs the CRL to verify the webserver certificate (typical hen and egg problem).
The result is that in OpenCA 0.9.2 we will use HTTP as the default protocol for CRL publishing. Our (university's) solution is to use HTTP and LDAP for CRL publishing. We have four CDPs - two machines with HTTP and LDAP - and all four CDPs are in the certificate.
Perhaps it is possible to publish the CRL manually to Microsoft but I don't know how.
Greetings

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre)             Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                        http://www.openca.org
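
Added example, not part of the original message and not OpenCA code: a small check that reads the CRL Distribution Points from `openssl x509 -noout -text` output and separates https CDPs (the circular case described above) from http and ldap ones. The sample text and hostnames are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed `openssl x509 -noout -text` excerpt; hostnames are placeholders.
SAMPLE = """\
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl1.example.org/ca.crl
                Full Name:
                  URI:ldap://ldap1.example.org/cn=CA,o=Example?certificateRevocationList
                Full Name:
                  URI:http://crl2.example.org/ca.crl
                Full Name:
                  URI:ldap://ldap2.example.org/cn=CA,o=Example?certificateRevocationList
                Full Name:
                  URI:https://pki.example.org/ca.crl
            X509v3 Key Usage:
                Digital Signature
"""


def cdp_uris(text):
    """Return the URIs listed in the CRL Distribution Points extension."""
    uris, header_indent = [], None
    for line in text.splitlines():
        body = line.strip()
        if not body:
            continue
        indent = len(line) - len(line.lstrip())
        if header_indent is None:
            if body.startswith("X509v3 CRL Distribution Points"):
                header_indent = indent
        elif indent <= header_indent:
            break  # next extension starts: the CDP section is over
        elif body.startswith("URI:"):
            uris.append(body[len("URI:"):])
    return uris


def audit(uris):
    """Split CDPs into https ones (circular, per the post) and http/ldap."""
    report = {"circular": [], "usable": [], "other": []}
    for uri in uris:
        scheme = urlsplit(uri).scheme.lower()
        usable = scheme in ("http", "ldap")
        key = "circular" if scheme == "https" else ("usable" if usable else "other")
        report[key].append(uri)
    return report
```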
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
