cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 17
Report Inappropriate Content
Message 21 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hello,

it is the CA called "TC TrustCenter for Security in Data Networks GmbH", expired in July 2011. You can remove the CA or the CRL link, this should stop the message from appearing.

Best,

Andre

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Thanks very much Andre!!!!!

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hello,

Can you check it for me please?!

/opt/mwg/log/mwg-errors/mwg-core.errors.log:[2012-04-18 10:51:08.265 -03:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL for CA with digest '24ba6d6c8a5b5837a48db5fae919ea675c94d217' ('error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag')

Thanks

Highlighted
Level 10
Report Inappropriate Content
Message 24 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

It appears that I too meed to delete the cert that Daniel Santos is refrencing.  In the post it comments about the ability to connect to a DB so that this does not happen in the future.  Is that an option.  I am running 7.0

Thanks

Highlighted
Level 10
Report Inappropriate Content
Message 25 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

It appears that is might be the IPS Servidores Cert.  It Expires Dec 29, 2009,  But then my question is why is it just now throwing an error?

Confirmation would be appreciated.

Highlighted
Level 12
Report Inappropriate Content
Message 26 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

I believe I am having the same problem.  Keep getting the error about a certificate CRL problem.

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

imtrying,

I had to delete the same file with the same hash (IPS Seguridad CA - IPS SERVIDORES, expired since Dec 29 23:21:07 2009 GMT).  And, I also asked why the problem is just appearing if the cert expired in 2009.  Andre from McAfee answered...  "I assume the server hosting the CRL list was still upand running. Probably they have shutdown this system now :-)"

Cheers,

David

Message was edited by: wollerd on 4/18/12 12:49:33 PM CDT
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 28 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hey Everyone!

See this thread: https://community.mcafee.com/message/236186#236186

This talks about isolating the issue yourself if you encounter the issue again.

~Jon

Highlighted

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

What about these:

/opt/mwg/log/mwg-errors/mwg-core.errors.log:[2013-01-15 08:15:07.039 +00:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL of CA 'SecureTrust Corporation - SecureTrust CA' with digest 'e4a465d019cee1e6fe0d27e2186093ca64e3a9c0' ('error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length').

/opt/mwg/log/mwg-errors/mwg-core.errors.log:[2013-01-15 08:15:08.025 +00:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL of CA 'IPS Seguridad CA - IPS SERVIDORES' with digest '24ba6d6c8a5b5837a48db5fae919ea675c94d217' ('error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag').

/opt/mwg/log/mwg-errors/mwg-core.errors.log:[2013-01-15 08:15:08.025 +00:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL of CA 'T-Systems International GmbH - TeleSec ServerPass CA 1' with digest 'f7f985cf3729101c8d8a9a03f2b9240737a08df3' ('error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length').

The certs do not seem to be expired!

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 30 of 33

Re: CRLs for the certificate chain filter can not be loaded

Jump to solution

Hi carsten,

this is not a Problem with the certs or their exiration. Your MWG tells You that it cannot load the Certificate Revocation List for the mentioned CA's.

Check the URI's of CRL for the corresponding CA's on Your Certificate Authority List (see example image attached)CRL-URI.jpg

Regards,

   Marcus

P.S.: If You have not done so already, i'd suggest to move to McAfee maintained CA Lists.

on 15.01.13 03:32:17 CST
P.S.: If you find this post helpful, thank You for giving it a Kudo :o)
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community