FYI: Error importing a crl from file

Hi,

Just FYI, I had an error trying to import in Kleopatra a crl from the file attached. Also fails importing in dirmgr using --import-crl command. Importing in windows certmgr is ok and also using XCA program.

I hope to be useful…

BR

ec-ciutadania.crl (406 KB)

Hi Josep,
thanks for your feedback.

Unfortunately S/MIME is currently hard to setup. (More than necessary and more than OpenPGP.)

For a crl import to work, you’ll need to have the needed certficates imported already.
Here is my attempt on a GNU system with dirmngr (GnuPG) 2.2.6:
dirmngr -v --load-crl ec-ciutadania.crl
[…]
dirmngr[3573.0]: update times of this CRL: this=20180419T105056 next=20180426T105056
dirmngr[3573.0]: locating CRL issuer certificate by authorityKeyIdentifier
dirmngr[3573.0]: error fetching certificate by subject: Not implemented
dirmngr[3573.0]: CRL issuer certificate {0B68593E87C8A3151AE04082225F9F1DB2C53715} not found
dirmngr[3573.0]: crl_parse_insert failed: Missing certificate

Best,
Bernhard

Sorry Bernhard, I attach you a file with the forgotten certs in a .p7b format. So you can try again after importing this certs.

jmr.p7b (4.57 KB)

Josep,

the certificate that signed the crl is not in jmr.p7b as far as I can see.

Issuer: /C=ES/O=CONSORCI ADMINISTRACIO OBERTA DE CATALUNYA/OU=Serveis P\xC3\xBAblics de Certificaci\xC3\xB3/CN=EC-Ciutadania
X509v3 Authority Key Identifier: keyid:0B:68:59:3E:87:C8:A3:15:1A:E0:40:82:22:5F:9F:1D:B2:C5:37:15

The name is the same, but the keyid is not

HTH,
Bernhard