httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46531] Erroneously repots Server Certificate as Revoked if same serial No. in CRL
Date Fri, 16 Jan 2009 18:33:41 GMT

--- Comment #3 from Eric Covener <>  2009-01-16 10:33:41 PST ---
(In reply to comment #2)
> Certificate, which is Not revoked and Not expired.
> When I remove the line with the revoked User certificate with Serial
> No.00 from openssl's index.txt and generate a new CRL,
> put it on the Apache and restart Apache,
> the situation is normal again, the Apache behaves well, granting (or
> denying) access to the site as appropriate.
> It seems to me improper Apache to deny access to the site on the
> grounds of revoked User certificate with Serial No.00, just because
> the Server certificate has the same SerialNo. 00.
> Both the Server certificate and the CA Certificate (used to create the
> User Certificates and put on the Apache to check them) are
> self-signed.

Is your IE consulting the same CRL? I'm a little confused as to how your
symptom is a popup in IE.

Provide logs, config, cert details, and the verbatim message you see in IE.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message