ERROR: Invalid: CRL Decode Error

  • 3205138
  • 09-Oct-2007
  • 13-Feb-2017


Novell eDirectory 8.8 SP7

Novell iManager 2.6

PKI/Certificate Server Plugin


Using the Certificate Server Plugin in Novell iManager 2.6 to verify an external certificate throws the following error:
ERROR: Invalid: CRL Decode Error
LAN traces show that the HTTP server hosting the CRL (Certificate Revocation List) indicated in the certificate returns an HTTP 302 (URL Moved Temporarily) error.
Attempts to access the URL for the Certificate Revocation List using Mozilla Firefox or Internet Explorer are successful and the .crl file can be downloaded successfully.


The Certificate Server Plugin is not currently enabled to handle the HTTP 302 error. Therefore, it does not try and access the CRL from the new location provided by the HTTP server and results in a validation failure for this certificate. An enhancement request has been filed for PKI Engineering to investigate this issue.

The certificate itself can still be used by the Novell Web Server.  Browsers will still check that it's been signed by a Digicert Certificate Authority.  Therefore, the user won't get a message that the certificate is from an site that's not trusted.  In addition, all http requests over SSL will still work correctly.


Reported to Engineering

Additional Information

6/2/09 - Added information in the resolution section that the cert is still good.