[Eisfair] [E1] certs: update revocation-list Fehlermeldung

Rolf Bensch azubi at bensch-net.de
Mi Nov 20 17:25:30 CET 2019 

Hallo Marcus,

Am 20.11.19 um 15:00 schrieb Marcus Roeckrath:
> Hallo Rolf,
> 
> Rolf Bensch wrote:
> 
>>> Ich sehe hier auh erst einmal kein Problem. Was zeigt bei Dir denn
>>> folgender Befehl an?
>>>
>>>     /var/install/bin/certs-show-chain  whserv.de.pem
>>
>> ibs-server # /var/install/bin/certs-show-chain  whserv.de.pem
>> The file '/usr/local/ssl/certs/whserv.de.pem.pem' doesn't exist on this
>> server!
> 
> Ich habe bei einem anderen Zertifikat auch so eine Meldung:
> 
> fetching CRL URLs from certificates ...
> [...]
> - file digicert_sha2_secure_server_ca.pem ...
>    url 'http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem' added
> to CRL list.
> [...]
> - downloading
> 'http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem' ...
>    file 'http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem'
> download failed!
> checking if a task for each at-job has been created ...
> checking if remaining running tasks are CRL update tasks ...
> updating hashes ...
> finished.

von digicert.com erhalte ich auch ein "download failed". Im Test war 
dieser Server allerdings nicht erreichbar.

> 
> Wir bräuchten dann mal den kompletten Log des Vorgangs, den du auch auf der
> Konsole anstoßen kannst:
> 
> echo | /var/install/bin/certs-update-crl --all

Ich vermute Du meinst die Bildschirmausgabe:

Certificate revocation list (CRL) handling

fetching CRL URLs from certificates ...
- file comodo_rsa_certification_authority.pem ...
   url 
'http[s]?://ocsp.usertrust.com/!comodo_rsa_certification_authority.pem' 
already in CRL list.
- file comodo_rsa_domain_validation_secure_server_ca.pem ...
   url 
'http[s]?://ocsp.comodoca.com/!comodo_rsa_domain_validation_secure_server_ca.pem' 
already in CRL list.
- file gmx_de.pem ...
   url 'http[s]?://ocsp.serverpass.telesec.de/ocspr/!gmx_de.pem' already 
in CRL list.
- file groener.spdns.org.pem ...
   url 'http[s]?://ocsp.int-x3.letsencrypt.org/!groener.spdns.org.pem' 
already in CRL list.
- file imap.gmx.net.pem ...
   url 'http[s]?://ocsp.telesec.de/ocspr/!imap.gmx.net.pem' already in 
CRL list.
- file lets_encrypt_authority_x3.pem ...
   url 'http[s]?://crl.identrust.com/DSTROOTCAX3CRL.crl' already in CRL 
list.
- file mail.gmx.net.pem ...
   url 'http[s]?://ocsp.serverpass.telesec.de/ocspr/!mail.gmx.net.pem' 
already in CRL list.
- file serverdomain.org.pem ...
   url 'http[s]?://ocsp.comodoca.com/!serverdomain.org.pem' already in 
CRL list.
- file telesec_serverpass_extended_validation_class_3_ca.pem ...
   url 
'http[s]?://ocsp.telesec.de/ocspr/!telesec_serverpass_extended_validation_class_3_ca.pem' 
already in CRL list.
- file vb.myfirewall.org.pem ...
   url 'http[s]?://ocsp.int-x3.letsencrypt.org/!vb.myfirewall.org.pem' 
already in CRL list.
update all CRL files ...
- downloading 'http://crl.identrust.com/DSTROOTCAX3CRL.crl' ...
DSTROOTCAX3CRL.crl        100%[===================================>] 
994  --.-KB/s    in 0s
   converting CRL file to PEM format ...
- updating CRL list ...
- job '2654' (2019-12-13 18:34) already exists.
- downloading 
'http://ocsp.usertrust.com/!comodo_rsa_certification_authority.pem' ...
- updating CRL list ...
- job '2655' (2019-11-23 22:42) already exists.
- downloading 
'http://ocsp.comodoca.com/!comodo_rsa_domain_validation_secure_server_ca.pem' 
...
- updating CRL list ...
- job '2656' (2019-11-23 22:45) already exists.
- downloading 
'http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem' ...
   file 'http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem' 
download failed!
- downloading 'http://ocsp.serverpass.telesec.de/ocspr/!gmx_de.pem' ...
- updating CRL list ...
- job '2657' (2019-11-24 17:03) already exists.
- downloading 
'http://ocsp.int-x3.letsencrypt.org/!groener.spdns.org.pem' ...
- updating CRL list ...
- job '2658' (2019-11-24 00:03) already exists.
- downloading 'http://ocsp.telesec.de/ocspr/!imap.gmx.net.pem' ...
- updating CRL list ...
- job '2659' (2019-11-24 16:53) already exists.
- downloading 
'http://ocsp.serverpass.telesec.de/ocspr/!mail.gmx.net.pem' ...
- updating CRL list ...
- job '2660' (2019-11-24 18:07) already exists.
- downloading 'http://ocsp.comodoca.com/!serverdomain.org.pem' ...
- updating CRL list ...
- job '2661' (2019-11-24 07:17) already exists.
- downloading 
'http://ocsp.telesec.de/ocspr/!telesec_serverpass_extended_validation_class_3_ca.pem' 
...
- updating CRL list ...
- job '2662' (2019-11-24 16:43) already exists.
- downloading 
'http://ocsp.int-x3.letsencrypt.org/!vb.myfirewall.org.pem' ...
- updating CRL list ...
- job '2664' (2019-11-24 23:03) already exists.
- downloading 'http://ocsp.comodoca.com/!whserv.de.pem' ...
   file 'http://ocsp.comodoca.com/!whserv.de.pem' download failed!
updating hashes ...
finished.
Press ENTER to continue

Grüße Rolf

Mehr Informationen über die Mailingliste Eisfair