[openssl-users] Problems with openssl verify -crl_check ...

[Walter H.]

Hello,

openssl verify -CAfile root.pem -untrusted issuer.pem srvr.pem
gives this output
srvr.pem: OK

but
openssl verify -CAfile root.pem -crl_check -untrusted issuer.pem srvr.pem
gives this:
srvr.pem: C = US, OU = Domain Control Validated, CN = revoked.grc.com
error 3 at 0 depth lookup:unable to get certificate CRL

and doing this:
openssl verify -CAfile root.pem -crl_check issuer.pem
gives a similar result
issuer.pem: C = BE, O = GlobalSign nv-sa, CN = GlobalSign Domain 
Validation CA - G2
error 3 at 0 depth lookup:unable to get certificate CRL

the used certificate for these command-line samples are attached ...
(the SSL/TLS certificate and the whole chain of revoked.grc.com)

please, can someone tell me how to check the CRL of certificate using 
openssl command-line?

Thanks,
Walter

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: root.pem
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0003.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: issuer.pem
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0004.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: srvr.pem
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0005.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151020/d8ef787d/attachment-0001.bin>