I am far from an SSL certificate expert, but I generally understand how everything works since we have to manually re-key the servers yearly.

Here is my problem. The default CRL distribution points don't seem to work. My CA has moved to a new server, it is up and running with the original key imported that doesn't expire for a long time. I have a CRL created which is recreating itself automatically and the file exists where it is set to be created. /var/opt/novell/eDirectory/data/dib/SYS:apache2/htdocs/crl

This is on the latest version of an OES 11 server hosting my CA.

Now, mine are set to the defaults -
ldap://localCAIP:389/CN=CRL_1,CN=CRL_1 - Configuration,CN=CRL Container,CN=Security
ldap://server2.domain.com:389/CN=CRL_1,CN=CRL_1 - Configuration,CN=CRL Container,CN=Security

I assume that the LDAP ones will not work as LDAP is set to only accept TLS, which would require ldaps: port 636. You seem to specify LDAPS (636) as a CRL distribution point. So I assume I should delete the two LDAP entries.

So that leaves HTTP as the option for handing out the CRL to other servers that need to verify their certificates. The problem is that apparently the defaults do not work. /var/opt/novell/eDirectory/data/dib/SYS:apache2/htdocs/crl/CRL_1.crl does not correspond to http://localCAIP:80/crl/CRL_1.crl. Otherwise, I'd assume that I would be able to enter it into a web browser and get some positive response vs a URL not found error.

Here is my rudimentary problem/question - what location do I need to copy the CRL to in order to refer to it as http://localCAIP:80/crl/CRL_1.crl? I'd assume a sub-container of the location of the welcome page but I could use a swift kick to the cranium to get the distribution point to work from the CA server. Then I can script the copy of the new CRL to that location.

Until then all my certificates on other servers that need to be rekeyed, validated, and then copied using the nice Cool Solutions script are on hold.

Please help me understand where I can host my CRL on the local OES 11 server with Apache2 and refer to it via URL. Thank you.
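The core issue in the question is the mapping between the HTTP distribution point URL and a file under the Apache2 DocumentRoot. The script below is an added example (it is not from the original post and not Novell/OES tooling) that derives the filesystem path from the distribution point URL, copies the eDirectory-generated CRL into place atomically, reports the CRL's validity window, and fetches it over HTTP the way a relying party would. It assumes the SUSE/OES Apache2 default DocumentRoot of /srv/www/htdocs (override with DOCROOT) and takes the CRL source path from the post; the URL and host are those quoted in the post.

```shell
#!/bin/sh
# Added example, not part of the original post. Publishes an eDirectory CRL under
# the Apache2 DocumentRoot so that an HTTP CRL distribution point resolves.
# Assumptions: DocumentRoot is /srv/www/htdocs (SUSE/OES default); CRL source
# path is the one from the post. Both can be overridden via environment variables.

CRL_SRC="${CRL_SRC:-/var/opt/novell/eDirectory/data/dib/SYS:apache2/htdocs/crl/CRL_1.crl}"
DOCROOT="${DOCROOT:-/srv/www/htdocs}"
CRL_URL="${CRL_URL:-http://localCAIP:80/crl/CRL_1.crl}"

# Map a distribution-point URL to the file Apache would serve for it:
#   http://localCAIP:80/crl/CRL_1.crl  ->  $DOCROOT/crl/CRL_1.crl
url_to_path() {
    _url="$1"
    _path="${_url#*://}"     # drop the scheme
    _path="/${_path#*/}"     # drop host:port, keep the leading slash
    printf '%s\n' "${DOCROOT}${_path}"
}

# Copy the CRL into place via temp file + rename so Apache never serves a
# half-written file; the target directory is created if it does not exist.
publish_crl() {
    _src="$1"; _dest="$2"
    mkdir -p "$(dirname "$_dest")"
    cp "$_src" "$_dest.tmp" && mv "$_dest.tmp" "$_dest"
    chmod 0644 "$_dest"
}

# Print lastUpdate/nextUpdate so a stale CRL is noticed before clients reject it.
# Tries PEM first, then DER; skips quietly if openssl is not installed.
crl_validity() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not available, skipping"; return 0; }
    openssl crl -in "$1" -noout -lastupdate -nextupdate 2>/dev/null \
        || openssl crl -in "$1" -inform DER -noout -lastupdate -nextupdate
}

# Fetch the published CRL over HTTP; prints the HTTP status code (200 expected).
check_url() {
    curl -fsS -o /dev/null -w '%{http_code}\n' "$1"
}

# Stand-alone run (e.g. from cron after eDirectory regenerates the CRL):
#   PUBLISH_CRL_RUN=1 sh publish_crl.sh
if [ "${PUBLISH_CRL_RUN:-}" = "1" ]; then
    dest="$(url_to_path "$CRL_URL")"
    echo "publishing $CRL_SRC -> $dest"
    publish_crl "$CRL_SRC" "$dest"
    crl_validity "$dest"
    echo "HTTP status for $CRL_URL: $(check_url "$CRL_URL")"
fi
```

The same mapping can be done without copying at all by adding an Apache `Alias /crl/ /path/to/eDirectory/crl/` plus a matching `<Directory>` block, but the copy approach keeps the eDirectory data directory out of the web root and lets you check the CRL's validity window before it goes live.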