On Wed, Jun 06, 2007, piyush tewari wrote:
>
> Hi,
>
> I'm protecting one of my servers by using stunnel.
> Now I am trying to use the revocation list concept in stunnel.
>
> For using the revocation list I performed the following steps.
>
> 1. For generating the CRL file
> openssl ca -gencrl -keyfile ca_key -cert ca_crt -out my_crl.pem
>
> 2. For revoking the certificates
> openssl ca -revoke bad_crt_file -keyfile ca_key -cert ca_crt
>
>
> The entry specified in the stunnel.conf file is:
> CRLfile = my_crl.pem
>

I'm assuming you created another CRL after revoking the certificate? Does the
revoked certificate show up in the CRL when you use the crl utility?

I'd suggest using s_client/s_server to see if a certificate shows up as revoked
when you use that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
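
The check suggested in the reply, as an added example that is not part of the original thread: a throwaway CA issues a certificate, writes a CRL before the revocation and another after it, then inspects both with the crl utility and `openssl verify -crl_check`. The file names `ca_key`, `ca_crt`, `bad_crt_file` and `my_crl.pem` come from the post; `ca.cnf`, `stale_crl.pem`, `bad_key`, `bad_csr` and the CA settings are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: a constructed demo CA in a temp dir, not the poster's real setup.
crl_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
        ca="openssl ca -batch -config ca.cnf -keyfile ca_key -cert ca_crt"
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
            -keyout ca_key -out ca_crt -days 30
        openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=bad client" \
            -keyout bad_key -out bad_csr
        $ca -in bad_csr -out bad_crt_file
        $ca -gencrl -out stale_crl.pem   # CRL written before the revocation
        $ca -revoke bad_crt_file         # only marks the entry in index.txt
        $ca -gencrl -out my_crl.pem      # CRL regenerated after the revocation
        for crl in stale_crl.pem my_crl.pem; do
            n=$(openssl crl -in "$crl" -noout -text | grep -c 'Serial Number' || true)
            if openssl verify -crl_check -CAfile ca_crt -CRLfile "$crl" bad_crt_file 2>&1 |
                grep -q 'certificate revoked'; then v=revoked; else v=accepted; fi
            echo "$crl entries=$n verify=$v" >&3
        done
    ) 3>&1 >/dev/null 2>&1
    rm -rf "$d"
}
crl_demo
```
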