CRL – WindowsTechs.com

Certificate/key revocation

Posted on August 27, 2024 by somehybrid

Systems like Certificate Transparency and Key transparency store trees of keys/certificates. How would a user be able to remove a fraudulent/expired key or certificate? Do the trees stay the same and a separate list of revoked keys/certifi… Continue reading Certificate/key revocation→

Android Certificate Revocation Checking

Posted on January 15, 2024 by Elliot

I am hoping I can leverage everyone’s knowledge on this one as I am at a lose.
I have an Android 10 Device connecting to a containerized web application that is secured by a custom Certificate Authority. The OCSP addresses in the certific… Continue reading Android Certificate Revocation Checking→

is it necessary for cURL to check for CRL in Windows?

Posted on January 14, 2023 by Jameschad

I’m trying to set up cURL to get data from remote server at any sitaution. I use –tlsv1.3 –tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 –http2 to make it as secure as I can think of, using Windows 11. (tried http3 but cURL said it’s not f… Continue reading is it necessary for cURL to check for CRL in Windows?→

openssl verify: "unable to load certificates" error

Posted on September 17, 2022 by neubert

When I do openssl verify -CAfile signer.crt -untrusted signed.crl I get an unable to load certificates, which I don’t understand as both openssl x509 -in signer.crt -inform PEM -text -noout and openssl crl -in signed.crl -inform PEM -text … Continue reading openssl verify: "unable to load certificates" error→

Firewall is blocking OCSP (Online Certificate Status Protocol) check

Posted on October 25, 2021 by Ilya Chernomordik

I have a certificate issued by lets encrypt and one of the certificate in the path has this information:
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://x1.c.lencr.org/

On the client … Continue reading Firewall is blocking OCSP (Online Certificate Status Protocol) check→

Revoked certificate not getting into Microsoft CA CRL

Posted on October 19, 2021 by max

I have a CA and an Active Directory + ADFS instances set up on a Windows Server 2016 machine. I issued a client certificate for one of the users (for smart card logon) and then revoked it. However, I’m still able to log in via the revoked … Continue reading Revoked certificate not getting into Microsoft CA CRL→

OpenSSL and connection time

Posted on June 24, 2021 by Baranikumar Venkatesan

Does anyone know about the search mechanism used in OpenSSL w.r.t verifying a serial number against a CRL file?
I understand that in the case of Base-CRL approach, the file size will grow over time and also it depends upon the number of re… Continue reading OpenSSL and connection time→

CRL list is getting cleared when i revoke after an hour

Posted on May 18, 2021 by Teju

Through CLI I revoked 10 certificates continuously, when I checked CRL list serial number for all the Revoked certificates are present. after an hour I revoked 11th certificate after revoking when I checked CRL list old 10 revoked certific… Continue reading CRL list is getting cleared when i revoke after an hour→

Can CRL and CA Issuers urls contain spaces?

Posted on February 7, 2021 by Chi.C.J.Rajeeva Lochana

I am using OpenSSL
For example, I have a CRL/CA Issuers URL that is like this:
http://pki.example.com/Example Intermediate Certificate Authority.crl

#CA Issuers
caIssuers;URI.0 = http://pki.example.com/Example Intermediate Certificate Aut… Continue reading Can CRL and CA Issuers urls contain spaces?→

Every cert name in CRL database contains ‘unknown’

Posted on February 6, 2021 by Chi.C.J.Rajeeva Lochana

Every cert name in CRL database contains ‘unknown’, here is the CRL db:
# here is the problem………………………vvvvvvv………………………………………….
V 220206113901Z 43434A524C5231 unknown /C=IN/… Continue reading Every cert name in CRL database contains ‘unknown’→