Re: Problems with cert validation via CRL

Thanks very much for getting back to me - I really appreciate your help. I have been able to get the validation to work by adding the trusted root certificate to the "trusted-certs" folder under the gnupg directory on my windows box. The directory wasn't there but I was able to add it and as

RE: Problems with cert validation via CRL

er Lebbing [mailto:pe...@digitalbrains.com] Sent: Tuesday, February 21, 2017 10:13 AM To: David Gray <d...@davidegray.com>; NIIBE Yutaka <gni...@fsij.org> Cc: gnupg-users@gnupg.org Subject: Re: Problems with cert validation via CRL On 21/02/17 13:20, David Gray wrote: > I'm n

Re: Problems with cert validation via CRL

Hello, again, David Gray wrote: > dave@dave-VirtualBox:~/.gnupg/crls.d$ dirmngr --debug-all --fetch-crl > http://crl.comodoca.com/COMODOSHA256ClientAuthenticationandSecureEmailCA.crl Reading the code of dirmngr, I think that --fetch-crl (or dirmngr-client --load-crl)

Re: Problems with cert validation via CRL

Thanks, Peter! According to the documentation the trusted certainty need to be in a folder named "trusted-certs" in the home directory. I don't believe I've copied them there manually, so if it hasn't happened automatically that could very well be the issue. I'm at work but once I get home

Re: Problems with cert validation via CRL

On 21/02/17 13:20, David Gray wrote: > I'm no expert, but when I look at the debug info (attached to > original email), it appears that gpgsm is able to get the crl that my > cert points to but it may be having trouble parsing it. Reading that part made me think it couldn't find the issuer of the

Re: Problems with cert validation via CRL

Thank you for your response! I do have the trustlist.txt file on both computers - it was automatically populated with the root cert by pin entry when I imported my certificate on both machines, and it includes the "relax" keyword on both computers. There are 3 cents total in my hierarchy -

Re: Problems with cert validation via CRL

Hello, David Gray wrote: > At the same time, I'm curious as to why the Ubuntu installation is > validating the certificate as 'good' while the Windows installation is not - > is this just because the Ubuntu installation was able to successfully > validate the certificate in

Problems with cert validation via CRL

Hello - new user here; this may be an obvious question but I haven't been able to find the answer. Ultimately, this may just highlight some of the problems inherent in a hierarchical trust model. I've got a free x.509 email certificate generated by Comodo. I've got Ubuntu 16.04 LTS