Should CRL from CA2 fail user auth with certs issued by CA1 if CRL from CA1?
I have two CAs, say CA1 and CA2. I will use user cert issued by CA1 to do auth. But, I will include CRL published by CA2 in my system.
openSSL seems to throw the error of X509_V_ERR_UNABLE_TO_GET_CRL, which means a CRL can not be found.
It is true that it can not be found because I did not include it. I included a CRL from another CA.
My question is: why a CRL from a CA bothers the auth with certs from another CA?
|