Support of Indirect CRL and How to?
Romain Viau
romain at viau.dev
Thu Feb 25 10:14:38 UTC 2021
Hi everybody,
I am trying to implement a complex PKI and some parts are based on an Indirect CRL issued by a specific certificate.
I found that the "openssl verify" command works fine if I add the CRL issuer as an "-untrusted" argument.
But this check doesn't work if I only add the CRLIssuer cert in the CApath (with the `openssl rehash` operation).
The CA issuing the User certificate is offline, so I couldn't manage its CRL, and my final use case is to implement the CRL verification by a server like Nginx or Apache. So, can I make it work with SSL_CONF_cmd, and with which parameters?
Regards,
Romain