Found CRL is expired - revoking all certificates until you get an updated CRL
6,204
False alarm. I had created my own revocation list with openssl which I was using for client authentication and this had expired.
For anyone who is interested there is some great advice on implementing certificate based access control for your sites at:
Just make sure your .crl does not expire ;-)
Related videos on Youtube
00 : 54
Review Update CRL (Certificate Revocation List) - Sophos XG Firewall
03 : 28
What is a Certificate Revocation List (CRL)?
06 : 40
Revocation of digital certificates: CRL, OCSP, OCSP stapling
04 : 48
What is CRL?(Certificate Revocation List), CRL check? //CRL check after validating a certificate?
01 : 23
DevOps & SysAdmins: Found CRL is expired - revoking all certificates until you get an updated CRL
Author by
Admin
Updated on November 20, 2022Comments
-
Admin over 1 year
My Apache-based application running on my VPS has recently stopped serving SSL transactions.
I am getting errors like the following in the error_log:
[Tue Aug 24 12:39:00 2010] [warn] Found CRL is expired - revoking all certificates until you get updated CRL [Tue Aug 24 12:39:00 2010] [error] Certificate Verification: Error (12): CRL has expiredHas anyone had this issue and know of a way of updating the CRLs?
System vitals: Ubuntu 8 Linux 2.6.18-028 Apache 2.2.8 OpenSSL 0.9.8g