I’m hitting the following error on referencing a crl. I’ve attached an example crl file as well, to confirm its format, along with the openssl generation script.
How do I go about finding out what is causing this error? According to the Security Plugins guide, this is caused by an invalid crl. I’ve also tested against multiple crls, so I’m not sure what the expected format is. Is there any further information, not included in the Security Plugins guide that offers more information on the expected format?
Thanks.
Error:
[CREATE Participant] RTI_Security_CertHelper_loadCertsCrls:Error opening CRL file:..\..\..\..\LocalHierarchy\nodeca\crl.pem
[CREATE Participant] RTI_Security_AuthenticationData_create:failed to load certificate revocation list in file
[CREATE Participant] RTI_Security_AuthenticationData_create:file:..\..\..\..\LocalHierarchy\nodeca\crl.pem
[CREATE Participant] RTI_Security_PluginSuite_create:!create struct DDS_Authentication
[CREATE Participant] DDS_DomainParticipantTrustPlugins_initialize:!create security plugin
[CREATE Participant] DDS_DomainParticipant_createI:!create builtin trust plugins support
[CREATE Participant] DDS_DomainParticipantFactory_create_participant_disabledI:!create participant
DDSDomainParticipant_impl::create_disabledI:!create participant
DomainParticipantFactory_impl::create_participant_disabled():!create failure creating participant
DomainParticipantFactory_impl::create_participant_disabled_with_profile():ERROR: Failed to create participant from a profile
Crl:
-----BEGIN X509 CRL-----
MIIBzjCBtwIBATANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCV0MxEDAOBgNVBAoMB0tvbWF0c3UxDjAMBgNVBAsMBVNIMzUzMQ0wCwYDVQQD
DARTaXRlFw0yMDA1MjYyMzAyNTRaFw0yMDA2MjUyMzAyNTRaMCgwEgIBARcNMjAw
NTI2MDMxNDMwWjASAgEDFw0yMDA1MjYyMjU4MTBaoA4wDDAKBgNVHRQEAwIBDDAN
BgkqhkiG9w0BAQsFAAOCAQEApsVbXFeXiTiD2adHRumycRSJJA7mYtFba0oz0I5J
XQK5269e3k2YDxkH2xSidOmkBqhvHkiFCGmEJIv021sM/A8kEPmefrorBB/X7OfP
7wiFCSuQQHMa86Nh2AfTEYCxxUgJWYcAdTUx0t6g1JdlS3ORTigje4NXjAq4wjAH
tfWliza2TVuQnXe09RH4I0I0G8hleOsR81sstnxxW5X11Hr5mVzgn3UsUZ5Wkwzx
DdQfRv7ZFPApKZPMMx0qlkuZGxmFL3uCyBEvj2AaRZVBoA1YKrSru86zel0NmG5f
HGhL4acPGZ01u/Ib47aRkt1o7ggscR4+QQXLZxFBaDy8kQ==
-----END X509 CRL-----
Script used:
openssl ca -config ./nodeca/openssl.cnf -batch -gencrl -out .\nodeca\crl.pem 2>&1
I have resolved this issue: This field in the QOS doesn't support relative paths. I've updated the com.rti.serv.secure.authentication.crl_file field to use a full path to the file.
This can be closed. Thanks.