It considers that the CRL found at "hash".r0 isn't valid or sufficient to give a revocation status of your certificate. Could you post the subscriber certificate, its issuing CA cert, and the corresponding CRL somewhere?
2014-04-14 10:32 GMT+02:00 Emmanuel Dreyfus manu@netbsd.org:
On Sun, Apr 13, 2014 at 12:21:10PM +0200, Christian Kratzer wrote:
I think this is because the CRL Next Update is in the past. I will renew the CRL to check that.
yes an expired crl will usually cause validation to fail.
Now with a valid CRL, I still have the same problem: it loads /etc/openssl/certs/0726b466.r0, then tries and fails on: /etc/openssl/certs/0726b466.r1 /etc/openssl/cert.pem/0726b466.r0
And then it fails with this complain: TLS certificate verification: Error, unable to get certificate CRL
-- Emmanuel Dreyfus manu@netbsd.org