cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 17
Report Inappropriate Content
Message 11 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hi David,

this is

IPS Seguridad CA - IPS SERVIDORES

It is expired since Dec 29 23:21:07 2009 GMT.

Let me know if you were able to find it.

Best,

Andre

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Thank you for the quick reply.  I have found the CA.  Is it strange that the error only started to appear on 4 April since it expired in 2009?

Highlighted
Level 17
Report Inappropriate Content
Message 13 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

I assume the server hosting the CRL list was still up and running. Probably they have shutdown this system now 🙂

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Andre,

Very well.  Thank you again for your assistance!

Best regards,

David

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hi Andre,

I am getting this error:

[2012-04-23 23:17:29.573 +02:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL of CA 'IPS Seguridad CA - IPS SERVIDORES' with digest '24ba6d6c8a5b5837a48db5fae919ea675c94d217' ('error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag').

Unfortunately I cannot edit the list as it is a McAfee maintained/subscribed list (MWG v7.2)

Thanks

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Thanks Andre,

This is the update.log

El mensaje fue editado por: maitane on 23/02/12 9:55:49 CST
Highlighted
Level 17
Report Inappropriate Content
Message 17 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hmm... I only see successful updates in the log. Can you tell me the time/date of the event in the dashboard? Can you maybe provide an errors.log from data point of time as well?

BEst,

Andre

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hi Andre,

Yes that´s what I realised yesterday, there is no failed update in the log and neither today but the warning is still displayed.

Yesterday´s warning date is 23-Feb 2012 03:38:03

Which error.log do you need? Where can I find it?

Is there any problem if I delete manually all the expired CAs? I´ve seen several expired CAs

Thanks.

Regards.

Highlighted
Level 17
Report Inappropriate Content
Message 19 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hello,

if a CA is expired you can remove it.

The CA update error should be in the mwg-core*.log. If you have SSH access you can simply run

egrep CannotLoadCRL /opt/mwg/log/mwg-errors/mwg-core*

That should give a list of CA load issues.

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Thanks Andre, here it is:

[root@HZKWSG-EJ00 ~]# egrep CannotLoadCRL /opt/mwg/log/mwg-errors/mwg-core*

/opt/mwg/log/mwg-errors/mwg-core.errors.log:[2012-02-24 03:37:53.696 +01:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL for CA with digest 'd29f6c98befc6d986521543ee8be56cebc288cf3' ('error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag')

[root@HZKWSG-EJ00 ~]#

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community