import contact signed certificate and root ca

  • Thread starter Thread starter RickyVene
  • Start date Start date
R

RickyVene

Hi,

I've imported the contact certificate ".cer" both signed certificate and
root ca. And still the certificate on the email when clicked is giving me
warning: the certificate revocation list needed to verify the signing
certificate is either unavailable or it has expired.

But the certificates are not expired. How do you make this email
certificate be trusted on the signed email?

Thanks,
Ricky
 
On Fri, 28 Sep 2007 18:36:01 -0700, RickyVene wrote:

> Hi,
>
> I've imported the contact certificate ".cer" both signed certificate and
> root ca. And still the certificate on the email when clicked is giving me
> warning: the certificate revocation list needed to verify the signing
> certificate is either unavailable or it has expired.
>
> But the certificates are not expired. How do you make this email
> certificate be trusted on the signed email?

You need to read the error message again. It isn't complaining that the
certificate is expired, it is complaining that the certificate revocation
list is either expired or unavailable. The fact that you had to install the
root cert would indicate that this is likely an internal PKI and that the
CRL is simply not externally available. Check the certificate for the CDP
URL and see if you can get to it.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Transistor: A sibling, opposite of transbrother.
 
My company's internet domain is domain.com but my AD domain is
domain01.local. Is it possible to add the CRL distribution like this
"http://www.domain.com/certutil/cadomain.crl"?

Because documents say "it needs to be FQDN" so I need to add
"http://computerca.domain01.local/certutil/cadomain.crl". If it's like this,
this can't be seen on the internet.

Please clarify and more power, I'm waiting for your second book in PKI to be
published.



Thanks,
Ricky



"Paul Adare" wrote:

> On Fri, 28 Sep 2007 18:36:01 -0700, RickyVene wrote:
>
> > Hi,
> >
> > I've imported the contact certificate ".cer" both signed certificate and
> > root ca. And still the certificate on the email when clicked is giving me
> > warning: the certificate revocation list needed to verify the signing
> > certificate is either unavailable or it has expired.
> >
> > But the certificates are not expired. How do you make this email
> > certificate be trusted on the signed email?
>
> You need to read the error message again. It isn't complaining that the
> certificate is expired, it is complaining that the certificate revocation
> list is either expired or unavailable. The fact that you had to install the
> root cert would indicate that this is likely an internal PKI and that the
> CRL is simply not externally available. Check the certificate for the CDP
> URL and see if you can get to it.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Transistor: A sibling, opposite of transbrother.
>
 
Back
Top