RE : [Openca-Users] Offtopic: IE6 - problem getting CRL over HTTPS

Wed, 07 Jan 2004 06:50:45 -0800 

This is an hen and egg problem but I've lost the link. Basically : the ssl
connexion needs to verify the CRL first to be sure ssl certificate is ok,
but the crl cannot be downloaded until ssl connexion is established.

You need to download crls over http, not https.

Barbara Post

-----Message d'origine-----
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Grich,
Ondrej
Envoy� : mercredi 7 janvier 2004 14:39
� : [EMAIL PROTECTED]
Objet : [Openca-Users] Offtopic: IE6 - problem getting CRL over HTTPS


Hello,

Sorry for little off-topic question.

I'm facing problem with accessing secure server, especialy with getting CRL
over HTTPS.
Situation: IE (ver. 6; WinXP SP1) with client side certificate. "Check for
server certificate revocation" option is enabled. Secure server
certificate's CDP (certificate distribution point) attribute points to
URI:https://blabla.blabla.com/crl/crl.crl.
When connecting with IE to secure server (over HTTPS), the ssl handshake
between client and server took place (verified from servers http logs), and
than nothing happens for several minutes. after that IE complains that
"Revocation information for security certificate for this site is not
available". The CA certificate (which published server
certificate) has also CDP attribute with HTTPS.

The same scenario, except the server certificate, which now has attribute
with CDP distribution point accessbile over HTTP, works fine.

Does anybody faced this situation? ANybody knows what steps are involed in
IE's Certificate validation/CRL checking?

thanks in advance
og


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to