cat-users - Re: [[cat-users]] static connectivity test: CRL false alarm

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: JÁKÓ András <jako.andras AT eik.bme.hu>
  • To: Stefan Winter <stefan.winter AT restena.lu>
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] static connectivity test: CRL false alarm
  • Date: Wed, 13 Apr 2016 20:43:12 +0200
  • Organization: Budapest University of Technology and Economics (BME)

> > I noticed that "Static connectivity tests" at
> > https://cat.eduroam.org/admin/action_realmcheck.php report a CRL problem
> > when the CRL is empty (CRL exists and is available, but no certificates
> > revoked yet). Simply revoking a certificate and updating the CRL makes
> > the false alarm go away.
>
> What is the false alert, exactly? That the cert is revoked while it's
> not, or that there is no CRL at the URL?

Stefan, I'm sorry I don't remember the exact error message. I'm sure it
did not say that the cert was revoked. It was something about the CRL
itself.

When I saw the error message I checked that the CRL is available at the
URIs specified in the certificate's "X509v3 CRL Distribution Points"
field, and also checked that the downloaded CRL can be parsed correctly
by openssl, and the CRL's content seemed fine. Then I issued and
revoked a certificate, updated the CRL, ran CAT's static connectivity
tests, and the error was gone.

I'm happy to try to reproduce it, when I find some spare time.

Regards,
Andras
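
Added example, not part of the original message and not CAT's code: the manual check described above (the CRL parses with openssl and its content is fine), run against a constructed throwaway CA whose CRL has no revoked entries. The CA, the file names and the functions make_empty_crl and check_crl are assumptions made for illustration; only the openssl command-line tool is required.

```shell
#!/bin/sh
# Constructed throwaway CA plus a CRL with no revoked entries (all names are illustrative).
make_empty_crl() {
    dir=$1
    : > "$dir/index.txt"            # empty CA database: nothing issued, nothing revoked
    echo 01 > "$dir/crlnumber"
    cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Constructed Test CA
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
crlnumber = $dir/crlnumber
default_md = sha256
default_crl_days = 7
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl ca -gencrl -config "$dir/ca.cnf" -keyfile "$dir/ca.key" \
        -cert "$dir/ca.pem" -out "$dir/ca.crl" 2>/dev/null
}

# Report parse and signature status separately from the number of revoked entries.
check_crl() {
    crl=$1; ca=$2
    # PEM input assumed; a CRL fetched from a distribution point is often DER (-inform DER).
    text=$(openssl crl -in "$crl" -noout -text 2>/dev/null) || { echo "unparseable"; return 1; }
    openssl crl -in "$crl" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK' ||
        { echo "bad-signature"; return 1; }
    # An empty CRL prints "No Revoked Certificates." and has no "Serial Number:" lines.
    count=$(printf '%s\n' "$text" | grep -c 'Serial Number:' || true)
    echo "valid revoked=$count"
}

d=$(mktemp -d)
make_empty_crl "$d" && check_crl "$d/ca.crl" "$d/ca.pem"
rm -rf "$d"
```

A CRL with zero entries is a well-formed, signed CRL, so a checker should treat "valid revoked=0" as a pass and reserve errors for the unparseable and bad-signature cases.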


