Guessing: fetch-crl is not running on the hosts without CRLs? Or it has
a problem of some sort? Could you run fetch-crl by hand?
-j
On 03/10/2012 11:28, Daniela Bauer wrote:
> Hi,
>
> I came across this yesterday, but I haven't been able to come up with
> an explanation:
>
> Why do some certificates (for lack of a better word) come without
> revocation lists ? (No obvious errors in fetch-crl.)
>
> And how can it be that for some certificates I (and not just me...)
> have no revocation lists on almost all of my machines, *except* my
> EMI2 CE ?
>
> e.g. EMI1
>
> [root@ceprod05 certificates]# ls -l 58b08*
> lrwxrwxrwx 1 root root 10 Sep 26 05:22 58b08cb5.0 -> MYIFAM.pem
> lrwxrwxrwx 1 root root 17 Sep 26 05:22 58b08cb5.namespaces -> MYIFAM.namespaces
> lrwxrwxrwx 1 root root 21 Sep 26 05:22 58b08cb5.signing_policy ->
> MYIFAM.signing_policy
>
> EMI2:
> [root@ceprod08 certificates]# ls -l 58b08*
> lrwxrwxrwx. 1 root root 10 Sep 25 12:08 58b08cb5.0 -> MYIFAM.pem
> lrwxrwxrwx. 1 root root 17 Sep 25 12:08 58b08cb5.namespaces ->
> MYIFAM.namespaces
> -rw-r--r--. 1 root root 1258 Oct 3 06:45 58b08cb5.r0
> lrwxrwxrwx. 1 root root 21 Sep 25 12:08 58b08cb5.signing_policy ->
> MYIFAM.signing_policy
>
>
> Note that both directories contain plenty of fresh revocation lists
> and are both up to version 1.50-1
>
>
> Cheers,
> Daniela
>
--
Scanned by iCritical.
|