Posted by RickyVene on September 30, 2007, 2:45 pm
My company's internet domain is domain.com but my AD domain is
domain01.local. Is it possible to add the CRL distribution like this
"http://www.domain.com/certutil/cadomain.crl"?
Because documents say "it needs to be FQDN" so I need to add
"http://computerca.domain01.local/certutil/cadomain.crl". If it's like this,
this can't be seen on the internet.
Please clarify and more power, I'm waiting for your second book in PKI to be
published.
Thanks,
Ricky
"Paul Adare" wrote:
> On Fri, 28 Sep 2007 18:36:01 -0700, RickyVene wrote:
>
> > Hi,
> >
> > I've imported the contact certificate ".cer" both signed certificate and
> > root ca. And still the certificate on the email when clicked is giving me
> > warning: the certificate revocation list needed to verify the signing
> > certificate is either unavailable or it has expired.
> >
> > But the certificates are not expired. How do you make this email
> > certificate be trusted on the signed email?
>
> You need to read the error message again. It isn't complaining that the
> certificate is expired, it is complaining that the certificate revocation
> list is either expired or unavailable. The fact that you had to install the
> root cert would indicate that this is likely an internal PKI and that the
> CRL is simply not externally available. Check the certificate for the CDP
> URL and see if you can get to it.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Transistor: A sibling, opposite of transbrother.
>
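The CDP check suggested in the quoted reply, applied to the two URLs from the post, as an added example that is not part of the original thread. It reads the URIs out of a DER-encoded cRLDistributionPoints extension value and flags those whose host name an Internet client cannot resolve. The function names, the constructed sample value and the "internal only" rule (no host, single-label host, or `.local` suffix) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def der(tag, body):
    """DER-encode one element (used only to build the sample below)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlvs(data):
    """Yield (tag, value) for each DER element found back to back in data."""
    i = 0
    while i < len(data):
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        yield tag, data[i:i + n]
        i += n

def cdp_uris(ext_value):
    """Return the URIs in a DER cRLDistributionPoints value (RFC 5280, 4.2.1.13)."""
    uris = []
    points = next(read_tlvs(ext_value))[1]        # SEQUENCE OF DistributionPoint
    for _, point in read_tlvs(points):            # each DistributionPoint
        for t1, name in read_tlvs(point):
            if t1 != 0xA0:                        # [0] distributionPoint only
                continue
            for t2, names in read_tlvs(name):
                if t2 == 0xA0:                    # [0] fullName (GeneralNames)
                    uris += [v.decode("ascii") for t3, v in read_tlvs(names)
                             if t3 == 0x86]       # [6] uniformResourceIdentifier
    return uris

def internal_only(uri):
    """Assumed triage rule: no host, single-label host, or .local suffix."""
    host = urlsplit(uri).hostname or ""           # "" also covers ldap:///CN=...
    return "." not in host or host.endswith(".local")

# Constructed sample: one DistributionPoint carrying both URLs from the post.
URLS = [b"http://computerca.domain01.local/certutil/cadomain.crl",
        b"http://www.domain.com/certutil/cadomain.crl"]
SAMPLE = der(0x30, der(0x30, der(0xA0, der(0xA0, b"".join(der(0x86, u) for u in URLS)))))

if __name__ == "__main__":
    for uri in cdp_uris(SAMPLE):
        print("internal only" if internal_only(uri) else "publicly nameable", uri)
```

For a real certificate, the input to `cdp_uris` is the value of the extension with OID 2.5.29.31; a URL that passes the name check still has to be fetched to confirm that the CRL is published there and is current.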