Setup:
- XCA 0.4.5
- Netscape 7.1
Preceding work phases:
- Created a root CA with 4k key
- Created user certificates witn 1k and 2k keys
- Revoked some of the certificates
- Generated a CRL
- Exported the CRL in PEM and DER format
Problem:
The generated CRLs (PEM and DER) work fine with
windows (IE). The operating system recognizes the CRLs
and is quite happy with them.
Netscape accepts only DER encoded CRLs.
However, Netscape 7.1 gives an error message when
importing the CRL:
"The browser cannot import the CRL.
New CRL has an invalid format.
Please ask your administrator for assistance."
Maybe the problem is caused by Netscape. However, I
managed to get DER encoded CRLs working with earlier
versions of XCA but not anymore. The problem has been
tested on several workstations running the same version
of Netscape.
The DER-encoded CRL is here as an attachment, please
have a look.
Test CRL for demonstration. Try with Netscape 7.1
Logged In: YES
user_id=609294
solved in CVS by changing
GENERALIZEDTIME to UTCTIME
Logged In: NO
Thank you Chris. I hope the new release is on the way soon so
that I can generate a working CRL soon.
Keep up the *great* work!