Check CRL for revoked certificates and valitity of CRL itself 
Saturday, 15 January 2022, 14:23 - OpenSSL
Posted by Administrator
To find out if a client certificate was rejected or if the Certificate Revocation List itself is still valid (not older than "Next Update" attribute defined):
openssl crl -inform DER -text -noout -in mycrl.crl

Most CRLs are DER encoded, but you can use -inform PEM if your CRL is not binary. If you’re unsure if it is DER or PEM open it with a text editor. If you see —–BEGIN X509 CRL—– then it’s PEM and if you see strange binary-looking garbage characters it’s DER.
add comment ( 126 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 128 )

<Back | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Next> Last>>