On Thu, 2009-01-15 at 11:58 -0500, David W Blaine wrote:
> I sent my Test root CA over to Windows so I could create a Sub-CA
> there. I ran into the following error while importing the CRL in
> Windows 2003:
>
> A required CRL extension is missing
> CertUtil: -dsPublish command FAILED: 0x80070490 (WIN32: 1168)
> CertUtil: Element not found.
>
> I checked a CRL that Windows issues natively and see that I don't have
> an Authority Key Identifier defined within the CRL. But I checked my
> root CA that I generated, it has the following:
>
> Certificate Signing, Off-line CRL Signing, CRL Signing (06)
>
> Any idea what I am missing?
<snip>

I don't know a whole lot about CRL extensions. I gather there are only two and I do not recall what they are. I assume Windows is looking for them. When generating a CRL in OpenCA, there are two choices for extensions - none and default. I assume default is set in etc/openssl/openssl.cnf, one of the files in etc/openssl/openssl/ or one of the files in etc/openssl/extensions. I do not know what they default to.
Perhaps a quick google on CRL extensions (sorry - I don't have time to right now) would give the names and purposes and help you navigate those files. Just a thought - John

-- 
John A. Sullivan III
Open Source Development Corporation

Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense
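
Added example, not part of either message and not OpenCA's own code: a throwaway OpenSSL CA that issues one CRL with no extensions and one with an `authorityKeyIdentifier` extension section, then checks each for the Authority Key Identifier that David found missing. The CA, file names and the section name `crl_ext` are constructed; how OpenCA's "none"/"default" choice maps onto these OpenSSL settings, and whether this is the extension CertUtil requires, are assumptions.

```shell
#!/bin/sh
# Added example: constructed test CA; file names and the "crl_ext" section name are made up.
build_ca() {   # $1 = empty working directory
    : > "$1/index.txt"
    cat > "$1/ca.cnf" <<EOF
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $1/index.txt
certificate = $1/ca.pem
private_key = $1/ca.key
default_md = sha256
default_crl_days = 30
# crl_extensions = crl_ext    (config-file equivalent of -crlexts used below)
[ crl_ext ]
authorityKeyIdentifier = keyid:always
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Constructed Test Root CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

gen_crl() {    # $1 = CA dir, $2 = output CRL, $3 = optional CRL extension section
    openssl ca -config "$1/ca.cnf" -gencrl -out "$2" ${3:+-crlexts "$3"} 2>/dev/null
}

has_aki() {    # exit status 0 if the CRL carries an Authority Key Identifier
    openssl crl -in "$1" -noout -text | grep -q 'Authority Key Identifier'
}

dir=$(mktemp -d)
build_ca "$dir"
gen_crl "$dir" "$dir/none.crl"            # no CRL extensions
gen_crl "$dir" "$dir/ext.crl" crl_ext     # with the [ crl_ext ] section
for f in none ext; do
    if has_aki "$dir/$f.crl"; then echo "$f.crl: AKI present"
    else echo "$f.crl: AKI missing"; fi
done
rm -rf "$dir"
```

Running `openssl crl -in <file> -noout -text` on a CRL exported from the real CA shows its "CRL extensions" block, which can be compared against a CRL that Windows issues natively.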