shiufun
07-10-2005, 03:13 AM
Here is the dilemma :)
I have created an internet certifier (self-signed certificate), a CRL
signed by the same certifier with the root key, and a server certificate
which I will use for the SSL server (foo.bar.com).
The server certificate contains a CDP extension (I have tested both with
LDAP and HTTP for the CDP).
From the IE browser, I accept the root certificate as the trust
authority. When I performed an SSL connection to the server
(https://foo.bar.com), I received the following message: "Revocation
information for the security certificate for this site is not
available. Do you want to proceed?".
So that is strange. I then used Ethereal to monitor the traffic, and
the browser did request the CRL and the CRL was returned to the machine.
And when I checked the "Temporary Internet Files" folder, the CRL was
there.
Hmm. OK, the next check is on the signature. Using openssl, I can verify
the signature of the CRL; it is properly signed by the certifier.
Next, I imported the CRL into IE. That did not solve the problem.
Still the same error: "Revocation information for the security
certificate for this site is not available. Do you want to
proceed?". If both the web server and the browser are on the same
machine, IE seems to perform some Active Directory lookup (which
returns a connection failure). But my browser and web server are on 2
different machines - I still run into the issue.
HELP... Any ideas? And did anyone run into this bizarre situation with
IE?
--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Security-Admin-Issue-CRL-process-ftopict549338.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1738442