- XCA 0.4.5
- Netscape 7.1
Preceding work phases:
- Created a root CA with 4k key
- Created user certificates witn 1k and 2k keys
- Revoked some of the certificates
- Generated a CRL
- Exported the CRL in PEM and DER format
The generated CRLs (PEM and DER) work fine with
windows (IE). The operating system recognizes the CRLs
and is quite happy with them.
Netscape accepts only DER encoded CRLs.
However, Netscape 7.1 gives an error message when
importing the CRL:
"The browser cannot import the CRL.
New CRL has an invalid format.
Please ask your administrator for assistance."
Maybe the problem is caused by Netscape. However, I
managed to get DER encoded CRLs working with earlier
versions of XCA but not anymore. The problem has been
tested on several workstations running the same version
The DER-encoded CRL is here as an attachment, please
have a look.