S/MIME certificates with LDAP-only CRL uri
Werner Koch
wk at gnupg.org
Mon Feb 27 17:42:02 CET 2023
Hi!
I spent some time looking into this. The CRL is issued by a certificate
CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz Service GmbH,C=DE
However that certificate is not available: I only found the previous one:
ldapsearch -H ldap://ldap.dgnservice.de:389 -b 'O=DGN Deutsches Gesundheitsnetz Service GmbH,C=DE' -x -v -LLL "CN=dgnservice CRL2101 12:PN"
without the certificate we can't verify the CRL. Switching to OCSP does
also not work due to a missing certificate.
We have seen this problem already last year; see
https://dev.gnupg.org/rG90caa7ad598be123707f4d4651f9a64a74347626
Alexander: Maybe you can to ask DGN why they don't distribute that cert
but announce it in the CRL.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230227/bd205e67/attachment.sig>
More information about the Gnupg-users
mailing list