Mailing List Archive

CRL Problem
Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):

Serial number: 1B644C9F000000001395
Issuer: CN=Secure Messaging,O=Boeing,C=US
Subject: CN=26068,CN=recipients,OU=f22,O=boeing
sha1_fpr: 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6
md5_fpr: B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
notBefore: 2004-02-09 18:28:16
notAfter: 2006-02-09 18:38:16
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: 1024 bit RSA
authKeyId: 19
CN=The Boeing Company Root Certificate
Authority,OU=netscape,OU=certservers,O=Boeing,C=US
keyUsage: keyEncipherment
extKeyUsage: emailProtection (suggested)
policies: [none]
chainLength: not a CA
crlDP:
ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Services,CN=Services,?certificateRevocationList?base?objectclass=cRLDistributionPoint
issuer: none
crlDP:
http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
issuer: none
authInfo: [error]
subjInfo: [none]
extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]

dirmngr stops when it encounters the LDAP URL without a hostname.
--
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
Re: CRL Problem
On Fri, Jan 07, 2005 at 05:44:11AM -0700, John R. Shannon wrote:
> Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):
>
> Serial number: 1B644C9F000000001395
> Issuer: CN=Secure Messaging,O=Boeing,C=US
> Subject: CN=26068,CN=recipients,OU=f22,O=boeing
> sha1_fpr: 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6
> md5_fpr: B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
> keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
> notBefore: 2004-02-09 18:28:16
> notAfter: 2006-02-09 18:38:16
> hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
> keyType: 1024 bit RSA
> authKeyId: 19
> CN=The Boeing Company Root Certificate
> Authority,OU=netscape,OU=certservers,O=Boeing,C=US
> keyUsage: keyEncipherment
> extKeyUsage: emailProtection (suggested)
> policies: [none]
> chainLength: not a CA
> crlDP:
> ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Services,CN=Services,?certificateRevocationList?base?objectclass=cRLDistributionPoint
> issuer: none
> crlDP:
> http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
> issuer: none
> authInfo: [error]
> subjInfo: [none]
> extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
> extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]
>
> dirmngr stops when it encounters the LDAP URL without a hostname.

What does "stops" mean?
It usually also tries other methods.
You can, for instance, add the LDAP server to the
dirmngr_ldapservers.conf file.
Re: CRL Problem
It looks like the problem is a bad crlDP. The hostname does not resolve in
DNS.

Thank you for looking at it.

On Friday 07 January 2005 07:49 am, Bernhard Reiter wrote:
> On Fri, Jan 07, 2005 at 05:44:11AM -0700, John R. Shannon wrote:
> > Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):
> >
> > Serial number: 1B644C9F000000001395
> > Issuer: CN=Secure Messaging,O=Boeing,C=US
> > Subject: CN=26068,CN=recipients,OU=f22,O=boeing
> > sha1_fpr: 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6
> > md5_fpr: B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
> > keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
> > notBefore: 2004-02-09 18:28:16
> > notAfter: 2006-02-09 18:38:16
> > hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
> > keyType: 1024 bit RSA
> > authKeyId: 19
> > CN=The Boeing Company Root Certificate
> > Authority,OU=netscape,OU=certservers,O=Boeing,C=US
> > keyUsage: keyEncipherment
> > extKeyUsage: emailProtection (suggested)
> > policies: [none]
> > chainLength: not a CA
> > crlDP:
> > ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Services,CN=Services,?certificateRevocationList?base?objectclass=cRLDistributionPoint
> > issuer: none
> > crlDP:
> > http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
> > issuer: none
> > authInfo: [error]
> > subjInfo: [none]
> > extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
> > extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]
> >
> > dirmngr stops when it encounters the LDAP URL without a hostname.
>
> What does "stops" mean?
> It usually also tries other methods.
> You can, for instance, add the LDAP server to the
> dirmngr_ldapservers.conf file.

--
John R. Shannon, CISSP
Sr. Software Scientist
Science Applications International Corporation
john.r.shannon@saic.com
john@johnrshannon.com
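
The following is an added example, not part of the thread and not dirmngr's code: it parses the two crlDP URIs from the dump above according to the RFC 4516 LDAP URL layout and shows why the first one cannot be fetched on its own. `fetch_plan`, `default_ldap_hosts` and the host `ldap.example.internal` are hypothetical names that stand in for an administrator-configured LDAP server.

```python
from urllib.parse import unquote, urlsplit

# The two crlDP values from the certificate dump in this thread.
LDAP_DP = ("ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,"
           "CN=Public%20Key%20Services,CN=Services,"
           "?certificateRevocationList?base?objectclass=cRLDistributionPoint")
HTTP_DP = "http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl"


def parse_crldp(uri):
    """Split a distribution point URI. LDAP URLs follow RFC 4516:
    ldap://[host[:port]]/dn?attributes?scope?filter"""
    parts = urlsplit(uri)
    info = {"scheme": parts.scheme.lower(), "host": parts.hostname,
            "path": parts.path, "query": parts.query}
    if info["scheme"] in ("ldap", "ldaps"):
        # The LDAP "query" is itself '?'-separated: attributes, scope, filter.
        attrs, scope, filt = (parts.query.split("?") + ["", "", ""])[:3]
        info["dn"] = unquote(parts.path.lstrip("/"))
        info["attributes"] = [a for a in attrs.split(",") if a]
        info["scope"] = scope or "base"                      # RFC 4516 default
        info["filter"] = unquote(filt) or "(objectClass=*)"  # RFC 4516 default
    return info


def fetch_plan(dps, default_ldap_hosts=()):
    """Return (candidates, skipped). A hostless LDAP URL names no server, so it
    is usable only when expanded with a configured host (assumption: the caller
    supplies that list); otherwise it is skipped and later DPs are still tried."""
    candidates, skipped = [], []
    for uri in dps:
        info = parse_crldp(uri)
        if info["host"]:
            candidates.append(uri)
        elif info["scheme"] in ("ldap", "ldaps") and default_ldap_hosts:
            tail = info["path"] + ("?" + info["query"] if info["query"] else "")
            candidates += [f"{info['scheme']}://{h}{tail}"
                           for h in default_ldap_hosts]
        else:
            skipped.append(uri)
    return candidates, skipped


if __name__ == "__main__":
    print(fetch_plan([LDAP_DP, HTTP_DP]))
    print(fetch_plan([LDAP_DP, HTTP_DP], ["ldap.example.internal"]))
```

The plan only decides which URLs are syntactically fetchable; a candidate whose hostname does not resolve in DNS still fails at fetch time.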