CRL checks with gpgsm
Werner Koch
wk at gnupg.org
Fri Jul 27 10:22:33 CEST 2007
On Fri, 27 Jul 2007 02:45, timotheus at tstotts.net said:
>> What should go into this file? According to other posts, perhaps:
>> server:port:::o=organization,c=domain
From the dirmngr manual:
`--ldapserverlist-file FILE'
     Read the list of LDAP servers to consult for CRLs and certificates
     from file instead of the default per-user ldap server list file.
     The default value for FILE is `dirmngr_ldapservers.conf' or
     `ldapservers.conf' when running in `--daemon' mode.

     This server list file contains one LDAP server per line in the
     format

     HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN

     Lines starting with a `#' are comments.

     Note that as usual all strings entered are expected to be UTF-8
     encoded. Obviously this will lead to problems if the password has
     originally been encoded as Latin-1. There is no other solution here
     than to put such a password in the binary encoding into the file
     (i.e. non-ascii characters won't show up readable).(1)
> The freemail certificate requires that
> http://crl.thawte.com/ThawtePersonalFreemailCA.crl
> be fetched and checked. But also,
> http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
> must be fetched for the intermediate certificate.
Does the intermediate CA specify this one as a DP? Use gpgsm
--dump-chain to check.
Salam-Shalom,
Werner
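
A checker for the server list format quoted from the manual above, as an added example that is not part of the original message and is not dirmngr's own parsing code. The function names, the skipping of blank lines, keeping extra colons inside BASE_DN, accepting an empty PORT, and the file-mode check are assumptions made for this example.

```python
import os
import stat

FIELDS = ("host", "port", "user", "password", "base_dn")

def parse_ldapservers(data: bytes):
    """Return (entries, problems) for the raw bytes of a server list file."""
    entries, problems = [], []
    for lineno, raw in enumerate(data.splitlines(), 1):
        if not raw.strip() or raw.startswith(b"#"):
            continue  # '#' comment line (skipping blank lines is an assumption)
        parts = raw.split(b":", 4)  # assumption: extra colons stay in BASE_DN
        if len(parts) != 5:
            problems.append((lineno, "expected 5 colon-separated fields"))
            continue
        entry = {"line": lineno}
        for name, value in zip(FIELDS, parts):
            try:
                text = value.decode("utf-8")
            except UnicodeDecodeError:
                # The manual's Latin-1 case: bytes in the file are not UTF-8.
                problems.append((lineno, f"{name} is not valid UTF-8"))
                text = value.decode("latin-1")
            entry[name] = text
        if not entry["host"]:
            problems.append((lineno, "empty HOSTNAME"))
        port = entry["port"]  # an empty PORT is accepted here (assumption)
        if port and not (port.isdecimal() and 0 < int(port) < 65536):
            problems.append((lineno, f"bad PORT {port!r}"))
        entry["has_password"] = bool(entry.pop("password"))  # drop the secret
        entries.append(entry)
    return entries, problems

def check_file(path):
    """Parse a file; flag one that stores passwords and is group/other accessible."""
    with open(path, "rb") as fh:
        entries, problems = parse_ldapservers(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if any(e["has_password"] for e in entries) and mode & 0o077:
        problems.append((0, f"file mode {mode:o} exposes stored passwords"))
    return entries, problems

# Constructed sample: the thread's guessed form, a Latin-1 password, a short line.
SAMPLE = (b"# constructed sample\n"
          b"ldap.example.org:389:::o=organization,c=domain\n"
          b"ldap.example.org:636:cn=reader:p\xe4ss:o=example,c=de\n"
          b"ldap.example.org:389\n")

if __name__ == "__main__":
    print(parse_ldapservers(SAMPLE))
```

A non-UTF-8 password is reported rather than rejected, since the manual says the binary encoding may have to be stored in the file on purpose.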