john at johnrshannon
Jan 7, 2005, 9:24 AM
Post #3 of 3
(1118 views)
Permalink
|
It looks like the problem is a bad crlDP. The hostname does not resolve in
DNS.
Thank you for looking at it.
On Friday 07 January 2005 07:49 am, Bernhard Reiter wrote:
> On Fri, Jan 07, 2005 at 05:44:11AM -0700, John R. Shannon wrote:
> > Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):
> >
> > Serial number: 1B644C9F000000001395
> > Issuer: CN=Secure Messaging,O=Boeing,C=US
> > Subject: CN=26068,CN=recipients,OU=f22,O=boeing
> > sha1_fpr:
> > 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6 md5_fpr:
> > B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
> > keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
> > notBefore: 2004-02-09 18:28:16
> > notAfter: 2006-02-09 18:38:16
> > hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
> > keyType: 1024 bit RSA
> > authKeyId: 19
> > CN=The Boeing Company Root Certificate
> > Authority,OU=netscape,OU=certservers,O=Boeing,C=US
> > keyUsage: keyEncipherment
> > extKeyUsage: emailProtection (suggested)
> > policies: [none]
> > chainLength: not a CA
> > crlDP:
> > ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Se
> >rvices,CN=Services,?certificateRevocationList?base?objectclass=cRLDistribu
> >tionPoint issuer: none
> > crlDP:
> > http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
> > issuer: none
> > authInfo: [error]
> > subjInfo: [none]
> > extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
> > extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]
> >
> > dirmngr stops when it encounters the LDAP UPL without a hostname.
>
> What does "stops" mean?
> It usually also tried other methods.
> You can for instance add the ldap server to the
> dirmngr_ldapservers.conf file.
--
John R. Shannon, CISSP
Sr. Software Scientist
Science Applications International Corporation
john.r.shannon [at] saic
john [at] johnrshannon
|
