A Certificate Revocation List (CRL) is a blacklist of the serial numbers of revoked or compromised certificates. Because a serial number has no direct relationship to a certificate and can be fabricated in a compromised CA, it is considered a weak blacklist.
Questions tagged [crl]
72 questions
2
votes
1 answer
How to verify Certificate Revocation List(s) against multiple certification paths
In a recent question, I outlined the steps for verifying a wildcard SSL certificate for connecting to PostgreSQL from a remote client (using the same wildcard certificate I use for my web server). Although I resolved that problem, one lingering…

Parker
2
votes
0 answers
Keeping revocation lists up to date on Debian
I am using Debian Linux on several machines with different services (Apache, Freeradius, etc...) together with a Windows Server 2008R2 CA. I install the CA certificate by downloading it to /usr/local/share/ca-certificates and then calling…

terminal
2
votes
1 answer
Updating IIS' default CRL (Certificate Revocation List)
I'm in the process of creating a (IIS 8.5) web server which will require client authentication. Client authentication will be carried out using client certificates which will be issued by a third party CA.
I want to be able to do the…

Mackolicious
2
votes
1 answer
Revoke multiple client certs signed by one CA: only the first one got denied?
OS: Ubuntu 12.04
OpenVPN version: 2.2.1-8
Setup: one CA cert, one server cert, multiple client certs
Server config:
port 1194
proto udp
dev tun
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status…

quanta
2
votes
1 answer
Windows 2012 SSTP The revocation function was unable to check revocation because the revocation server was offline
In order to get rid of "Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline" you have to install base/delta CRLs on the client you want to connect to the VPN server...
However, it would…

Theveloper
2
votes
3 answers
How Can I Disable CRL Checks For A Windows 2008 App Using WinHTTP?
I've got a Windows 2008 server with an app that uses WinHTTP for SSL sessions. The server is isolated from the internet but still tries to connect to CRL distribution points, which leads to some timeouts.
Since the server has no access to the…

Mike B
2
votes
2 answers
Maximum Size of CRL
Is there a CRL size that is beyond a practical limit? I did not find anything in the RFC. Is there any limit at all on the size of CRLs?

Engineer2021
2
votes
1 answer
Implications of Root CA without CRL
I'm currently setting up a PKI for my company and while I have come up with a good layout and planned the overall policy of certificate issuance, I'm still puzzled by what role the CRL plays.
By looking at other root CA certificates installed in…

cvaldemar
2
votes
1 answer
CRL Check Questions
Windows XP | IE 7
Hi guys,
From time to time, I'm seeing the following error come up:
Revocation information for the
security certificate for this site is
not available. Do you want to
proceed?
However when I manually try retrieving the…

Mike B
2
votes
0 answers
NGINX Client Certificate with Indirect CRL
I'm trying to implement mTLS using Nginx SSL Module. Everything works fine until I give Nginx CRL files concatenated in PEM format because one of the CRLs is an Indirect CRL.
The chain for a leaf certificate will look like this:
Root -> CA1 -> CA2 ->…

Romain V...
1
vote
0 answers
How does certutil determine that a cert is revoked
I'm testing that an x509 certificate can be correctly determined to be revoked. I'm taking the cert from https://revoked.badssl.com and verifying it via certutil. When my system is online, it seems to pull the CRL and determine that it is revoked. I…

Stealth Rabbi
1
vote
1 answer
CRL revocation check failed
Issue with CRL revocation check.
I can telnet to the target server on port 80.
I can download the CRL with Internet Explorer.
But when I launch certutil:
C:\Users\Administrateur\Desktop>certutil -urlfetch -verify alex.cer
Émetteur:
CN=get-SRV-DC-CA
…

Alex Lum
1
vote
0 answers
CRL Checking and Proxy Server Authentication
We have an issue with our corporate Windows 10 clients checking Certificate Revocation Lists. When accessing websites or logging into apps etc we are seeing the popup message "Revocation Information for the security certificate for this site is not…

Chris Edgington
1
vote
1 answer
RabbitMQ CRL Configuration
I've been trying to find available options for configuring CRL checking within RabbitMQ. RabbitMQ in turn seems to rely on Erlang's SSL library. Unfortunately, I know very little about Erlang, so it has been difficult for me to understand:
The…

J Trana
1
vote
1 answer
wininet 12057 error contacting crl server
My employer's client-side application is failing when initiating an SSL connection. It uses wininet and it fails on error 12057, certification revocation server is not available.
Although the CRL URL carried in the certificate is available from that machine.…

Jan Bohac