CRL PEM/DER format convert; Download CRL (DER format) to browser:
[root@igloo /tmp]# openssl crl -in /etc/httpd/conf/ssl.crl/crl.pem -out crl.der -outform der
[root@igloo /tmp]# openssl crl -text -noout -in /tmp/crl.der -inform der
Certificate Revocation List (CRL):
Version 1 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Certificates Administration/CN=igloo Certificate Authority/Email=root@xxxxxxxxxxxxxxxxxxxxxxxx
Last Update: Dec 6 03:00:48 1999 GMT
Next Update: Jan 5 03:00:48 2000 GMT
Revoked Certificates:
Serial Number: 04
Revocation Date: Nov 15 22:36:26 1999 GMT
Serial Number: 06
Revocation Date: Dec 6 03:00:11 1999 GMT
Signature Algorithm: md5WithRSAEncryption
4b:7a:f4:a0:ec:33:45:a5:e6:92:a0:ca:7c:dc:b3:58:52:f5:
e9:47:c3:cd:e6:f5:bd:ad:9f:93:2d:f0:2c:a2:d8:ac:67:06:
ee:ca:38:bc:3b:ad:a8:1b:35:e2:b8:c8:4f:51:77:f6:8e:4c:
46:4c:2e:84:2e:d9:f9:25:9b:f8:41:f0:24:05:e8:50:ef:a3:
a4:1a:6e:1b:f5:67:c7:a3:9e:24:d4:12:25:32:3c:b6:48:4e:
d2:ac:2e:b9:7f:40:d3:33:ca:64:85:99:f6:b0:cc:34:63:ef:
02:3c:16:8a:95:56:88:32:c6:79:79:ee:c7:49:ae:ea:ff:83:
55:95
[root@igloo /tmp]# cd /home/httpd/html/
[root@igloo html]# cp /tmp/crl.der ca-bundle.crl
In your browser, go to url:
http://igloo.its.unimacq.edu.au/ca-bundle.crl
Then the CRL will download (import) to your browser automatically.
Check with:
Netscape -> Security -> Certificates (Signers) -> View/Edit CRL
Apache web server has the following line in its httpd.conf:
AddType application/x-pkcs7-crl .crl
|