cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: JÁKÓ András <jako.andras AT eik.bme.hu>
- To: Stefan Winter <stefan.winter AT restena.lu>
- Cc: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] static connectivity test: CRL false alarm
- Date: Wed, 13 Apr 2016 20:43:12 +0200
- Organization: Budapest University of Technology and Economics (BME)
> > I noticed that "Static connectivity tests" at
> > https://cat.eduroam.org/admin/action_realmcheck.php report a CRL problem
> > when the CRL is empty (CRL exists and is available, but no certificates
> > revoked yet). Simply revoking a certificate and updating the CRL makes
> > the false alarm go away.
>
> What is the false alert, exactly? That the cert is revoked while it's
> not, or that there is no CRL at the URL?
Stefan, I'm sorry I don't remember the exact error message. I'm sure it
did not say that the cert was revoked. It was something about the CRL
itself.
When I saw the error message I checked that the CRL is available at the
URIs specified in the certificate's "X509v3 CRL Distribution Points"
field, and also checked that the downloaded CRL can be parsed correctly
by openssl, and the CRL's content seemed fine. Then I issued and
revoked a certificate, updated the CRL, run CAT's static connectivity
tests, and the error was gone.
I'm happy to try to reproduce it, when I find some spare time.
Regards,
Andras
- [[cat-users]] static connectivity test: CRL false alarm, JÁKÓ András, 04/13/2016
- Re: [[cat-users]] static connectivity test: CRL false alarm, Stefan Winter, 04/13/2016
- Re: [[cat-users]] static connectivity test: CRL false alarm, JÁKÓ András, 04/13/2016
- Re: [[cat-users]] static connectivity test: CRL false alarm, Stefan Winter, 04/13/2016
Archive powered by MHonArc 2.6.19.