cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
Re: [[cat-users]] CRL Distribution Point in the server certificate points to a non-existing location
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: Stefan Meichtry <stefan.meichtry AT ffhs.ch>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] CRL Distribution Point in the server certificate points to a non-existing location
- Date: Thu, 24 Aug 2017 14:40:39 +0200
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
> I have a problem with the „Realm testing“ for our realm „ffhs.ch“.
>
> The tool tells me: “The extension 'CRL Distribution Point' in the server
> certificate points to a non-existing location.” (see attached screenshot)
>
> The location in the certificate is:
> http://ca.ffhs.ch/ffhs_eduroam_radius_ca.crl
>
> I have tried this location from internal and external and I always got
> the CRL.
>
> What could be wrong?
RFC5280 section 4.2.1.13. states: "When the HTTP or FTP URI scheme is
used, the URI MUST point to a single DER encoded CRL as specified in
[RFC2585]."
The URL you have in the certificate points to a PEM-encoded file, not a
DER-encoded file.
So, our error message slightly misses the point, granted. But it made
you look in the right direction, which I guess means it has done its job :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
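The DER versus PEM distinction from the reply above, as an added example that is not part of the original message or of the CAT code: a Python sketch that classifies the bytes served at a CRL Distribution Point URL and converts a PEM CRL to the DER form RFC 5280 requires. The function names and sample data are constructed for illustration, and the check covers only the outer encoding, not the CRL's signature or contents.

```python
import base64
import re

PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.DOTALL)

def der_sequence_length(data: bytes) -> int:
    """Total length (header + body) of the DER SEQUENCE starting at offset 0."""
    if len(data) < 2 or data[0] != 0x30:          # 0x30 = SEQUENCE tag
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                              # short-form length
        return 2 + first
    n = first & 0x7F                              # long form: n length octets
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("indefinite, oversized or truncated length")
    length = int.from_bytes(data[2:2 + n], "big")
    if data[2] == 0 or length < 0x80:             # DER needs minimal encoding
        raise ValueError("non-minimal DER length")
    return 2 + n + length

def classify_crl(body: bytes) -> str:
    """Classify a fetched CDP response body as 'der', 'pem' or 'invalid'."""
    if PEM_CRL.search(body):
        return "pem"
    try:
        # "A single DER encoded CRL": one object, no trailing bytes.
        return "der" if der_sequence_length(body) == len(body) else "invalid"
    except ValueError:
        return "invalid"

def pem_crl_to_der(body: bytes) -> bytes:
    """Decode the first PEM CRL block into the DER bytes to publish instead."""
    match = PEM_CRL.search(body)
    if match is None:
        raise ValueError("no PEM CRL block found")
    der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if der_sequence_length(der) != len(der):
        raise ValueError("PEM payload is not a single DER object")
    return der

# Constructed sample: a SEQUENCE header over 256 zero bytes. It has the outer
# framing of a DER object but is NOT a real CRL.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")

if __name__ == "__main__":
    for name, body in (("DER", SAMPLE_DER), ("PEM", SAMPLE_PEM)):
        print(name, "sample classified as", classify_crl(body))
```

A web server that returns the CRL with HTTP 200 can still fail this check, which matches the symptom in the question: the file downloads fine but is in the wrong encoding.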