cancel
Showing results for 
Search instead for 
Did you mean: 
bornheim
Level 7

CRLs for the certificate chain filter can not be loaded

Hi,

I got two CannotLoadCRL errors since several days:

[CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL of CA '22d5d8df8f0231d18df79db7cf8a2d64c93f6c3a' with digest '22d5d8df8f0231d18df79db7cf8a2d64c93f6c3a' ('').

[CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL of CA 'cac55f77bc17b247b0b9f591f58e6ae97bfb9e1b' with digest 'cac55f77bc17b247b0b9f591f58e6ae97bfb9e1b' ('').

While I could go, search and delete these - probably expired - CAs, I wonder where they come from. I only use the McAfee maintained list of CAs and would expect to be pampered a little. :-) Shouldn't McAfee delete these?

Kind regards,

Robert

0 Kudos
2 Replies
pcoates
Level 10

Re: CRLs for the certificate chain filter can not be loaded

You an see this thread as well:

Info:

'm listing the certificates below. Both certs do have valid and accessible CRL entries within the certificate, however it looks like they haven't been listed in the maintained list. The OCSP responder URI's are present, but it may be that there is an error in formatting from that maintained list. McAfee will need to update the maintained list to reflect the proper CRL URI

315

Subject:CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Issuer:CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Not Before:04/11/2007 7:00:00 PM

Not After:18/01/2038 6:59:59 PM

Version:3

Algorithm:sha384ECDSA

Serial:2F80FE238C0E220F486712289187ACB3

Thumbprint:22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A

MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL

{snip}

9SDkjOVga

FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==

  [✔] true

EDIT:  CRL:

http://crl.verisign.com/pca3-g4.crl

263

Subject:CN=Symantec Class 3 ECC 256 bit Extended Validation CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Issuer:CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Not Before:19/12/2012 7:00:00 PM

Not After:19/12/2022 6:59:59 PM

Version:3

Algorithm:sha384ECDSA

Serial:4D955D20AF85C49F6925FBAB7C665F89

Thumbprint:CAC55F77BC17B247B0B9F591F58E6AE97BFB9E1B

CRL URI:http://crl.ws.symantec.com/pca3-g4.crl

MIID4zCCA2qgAwIBAgIQTZVdIK+FxJ9pJfurfGZfiTAKBggqhkjOPQQDAzCByjEL

{snip}

wT8IvzpLFqb3O

fU7UGztmJOpOzYKvVEqI7+O/OpNjVCF9EjDSMs2ryYGwpxFDe0Vm

  [✔] true

I've sent a request to support to verify and correct the CRL entries for these two certs.

0 Kudos
michael-s-w
Level 9

Re: CRLs for the certificate chain filter can not be loaded

Hi pcoates,

thanks a lot for sending this problem as a support release. After updating my lists it seems, that there are some changes in the "maintained CertList". Normally every day  at 11:10 h I got the warning-messages, but since yesterday I "miss" the notice. Looks good!

Greetings from

Michael

0 Kudos