It considers that the CRL found at "hash".r0 isn't valid or sufficient to give a revocation status of your certificate. Could you post the subscriber certificate, its issuing CA cert, and the corresponding CRL somewhere?
2014-04-14 10:32 GMT+02:00 Emmanuel Dreyfus <[email protected]>: > On Sun, Apr 13, 2014 at 12:21:10PM +0200, Christian Kratzer wrote: > > >I think this is because the CRL Next Update is in the past. I will > > >renew the CRL to check that. > > > > yes an expired crl will usually cause validation to fail. > > Now with a valid CRL, I still have the same problem: it loads > /etc/openssl/certs/0726b466.r0, then tries and fails on: > /etc/openssl/certs/0726b466.r1 > /etc/openssl/cert.pem/0726b466.r0 > > And then it fails with this complain: > TLS certificate verification: Error, unable to get certificate CRL > > > -- > Emmanuel Dreyfus > [email protected] > > -- Erwann.
