[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problem with CRL handling


Am 29.03.2017 um 08:39 schrieb Christopher Odenbach:
> Where should I install my CRL that the default 
> Debian mechanisms work as expected?

AFAIK there is no specific place for CRL files in Debian but for your
specific use case I would suggest to define the location of your CRL
file in your certificate, upload the certificate revocation list to a
remote location and let your hosts retrieve it via a cron-like mechanism
on a regular basis. A tool like fetch-crl [1] might be useful for this
task but I have never used it, so no guarantee here.

Second option: Create a Debian package that includes your certificate
and distribute it with your own apt-repository. A tool like reprepro can
be useful. [2] See


for more information.

The error message

java.io.IOException: Invalid encoded CertificateValidity, starting
sequence tag missing.

appears to come from [3]. Maybe the file must be DER encoded but I
believe the CRL file should be stored somewhere else though.



[1] https://tracker.debian.org/pkg/fetch-crl
[2] https://tracker.debian.org/pkg/reprepro

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: