18.10.2016 14:41, Bjoern Voigt wrote:
I followed this openSUSE specific blog entry to install my CA certificate and CRL system-wide: https://blog.hqcodeshop.fi/archives/157-Installing-own-CA-root-certificate-i...
But unfortunately my CRL is still not found by openssl. Any ideas?
# ls -l /etc/pki/trust/anchors
total 8
-rw-r--r-- 1 root root 690 Oct 18 13:34 MY-CA.crl
-rw-r--r-- 1 root root 1424 Oct 18 13:34 MY-CA.crt
# egrep '(BEGIN|END)' /etc/pki/trust/anchors/MY-CA.crt /etc/pki/trust/anchors/MY-CA.crl
/etc/pki/trust/anchors/MY-CA.crt:-----BEGIN CERTIFICATE-----
/etc/pki/trust/anchors/MY-CA.crt:-----END CERTIFICATE-----
/etc/pki/trust/anchors/MY-CA.crl:-----BEGIN X509 CRL-----
/etc/pki/trust/anchors/MY-CA.crl:-----END X509 CRL-----
# openssl crl -noout -hash -in /etc/pki/trust/anchors/MY-CA.crl
49742892
# ln -sv /etc/pki/trust/anchors/MY-CA.crl /var/lib/ca-certificates/openssl/49742892.r0
'/var/lib/ca-certificates/openssl/49742892.r0' -> '/etc/pki/trust/anchors/MY-CA.crl'
# update-ca-certificates
# openssl verify -crl_check_all /etc/pki/trust/anchors/MY-CA.crt
/etc/pki/trust/anchors/MY-CA.crt: CN = My CA
Is MY-CA.crt self-signed? What does openssl x509 -issuer_hash -noout -in /etc/pki/trust/anchors/MY-CA.crt say?
error 3 at 0 depth lookup:unable to get certificate CRL
Greetings, Björn