Posted: Mon Dec 26, 2016 11:48 pm Post subject: unable to get certificate CRL
Hi all,
We are trying to implement a certificate revocation list (CRL) check on DataPower. The CRL has an entry in the default domain for an HTTP service hosted on the same DataPower box (other domain). The CRL is created using openssl on Unix with the following command:
PEM:
openssl ca -config openssl.cnf -gencrl -keyfile rootkey.pem -cert rootCA.pem -out root_crl.pem
Then we also converted it to DER:
DER:
openssl crl -inform PEM -in root_crl.pem -outform DER -out root_crl_der.der
Error:
During the SSL handshake it is unable to retrieve the CRL and gives the following error:
valcred (VlCred): certificate validation failed for '/C=**/ST=******/O=TestApp2/CN=TestApp2' against 'VlCred': unable to get certificate CRL
Note: TestApp2 is a revoked cert.
Hence we expect DataPower to check the CRL and generate a revocation error.
Kindly let us know if anything is missing or if additional steps need to be performed.
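Added example, not part of the original post: OpenSSL's own verifier reports "unable to get certificate CRL" when CRL checking is on but no CRL from the certificate's issuer is available to it, and "certificate revoked" once that CRL is loaded. The script below reproduces both outcomes with a throwaway CA, which helps separate a bad CRL file from a CRL retrieval problem. The config, subjects and file names are constructed for the demo, and it assumes the openssl CLI is installed.

```shell
#!/usr/bin/env bash
# Added example: the CA, the config and all file names below are constructed for this demo.

# Build a root CA in directory $1, issue and revoke a TestApp2 cert, publish the CRL.
make_demo_pki() (
  cd "$1" && mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
  cat > openssl.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
organizationName = optional
commonName = supplied
EOF
  ca="openssl ca -config openssl.cnf -keyfile rootkey.pem -cert rootCA.pem"
  req="openssl req -config openssl.cnf -newkey rsa:2048 -nodes"
  {
    $req -x509 -days 30 -subj "/CN=DemoRoot" -keyout rootkey.pem -out rootCA.pem &&
    $req -subj "/O=TestApp2/CN=TestApp2" -keyout leaf.key -out leaf.csr &&
    $ca -batch -in leaf.csr -out leaf.pem && $ca -revoke leaf.pem &&
    $ca -gencrl -out root_crl.pem
  } >/dev/null 2>&1
)

# Print the verifier's verdict for the leaf with CRL checking on; $2 is an optional PEM CRL.
check_leaf() (
  cd "$1" || exit 1
  out=$(openssl verify -crl_check -CAfile rootCA.pem ${2:+-CRLfile "$2"} leaf.pem 2>&1) \
    && { echo "OK"; exit 0; }
  printf '%s\n' "$out" | sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
)

# Demo run in a scratch directory.
d=$(mktemp -d) && make_demo_pki "$d" &&
  echo "CRL not loaded: $(check_leaf "$d")" &&
  echo "CRL loaded:     $(check_leaf "$d" root_crl.pem)"
```

If the CRL generated for the real root CA yields "certificate revoked" in this kind of local check, the file itself is sound and the remaining question is whether the validating side can fetch and match it.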