LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   My CRL file error : PEM routines:PEM_read_bio:no start line:pem_lib (https://www.linuxquestions.org/questions/linux-newbie-8/my-crl-file-error-pem-routines-pem_read_bio-no-start-line-pem_lib-831311/)

jecoso 09-10-2010 12:46 AM
My CRL file error : PEM routines:PEM_read_bio:no start line:pem_lib
 
I am configuring my Apache Server to enable checking CA Revocation List, and my Configuration lists as following :

Code:
SSLCARevocationFile /etc/httpd/confi.d/ssl.crt/CRL1.crl
But the server can not start, and the log says:

Code:
Unable to configure X.509 Storage for certificate
If I try this command to view content of my CRL file :

Code:
openssl crl -text -in CRL1.crl -noout
the console shows :
Code:
error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib:647:Expecting: X509 CRL
I think there is something wrong with my CRL file, such as the file format.Is there any requirement to the CRL file? What can I do to enable this CRL file checking?

Any hints will be highly appreciated.
Thanks in advance.

xeleema 09-10-2010 03:13 AM
From the Apache mod_ssl page, it says the CRL file has to be an all-in one PEM-encoded CRL file.

Is it PEM encoded?

EDIT: You might want to try one of the CRLs from a Certificate Authority (like these guys)

jecoso 09-10-2010 06:00 AM
Quote:
Originally Posted by xeleema (Post 4093218)
From the Apache mod_ssl page, it says the CRL file has to be an all-in one PEM-encoded CRL file.

Is it PEM encoded?

EDIT: You might want to try one of the CRLs from a Certificate Authority (like these guys)
Thanks for your reply, my crl file is DER encoded, so I convert it to PEM.
And the server can be restarted successfully.

Thank you very much.


All times are GMT -5. The time now is 12:03 AM.