Resolved firefox ssl_error_expired_cert_alert

I was getting the error ‘ssl_error_expired_cert_alert’ in Firefox. I checked my client certificate and it hadn’t expired. I checked my CA certificate and it hadn’t expired. It turned out that the problem was that my ca.crl Certificate Revocation List had expired. I fixed that by running jj5-bin empathy-ca-update-crl which says:

echo Updating CRL...
openssl ca -gencrl -config ca.cnf -cert cacert.crt -out ca.crl.pem -crldays 365
if [ "$?" -ne "0" ]; then
  echo Error updating CRL.
  exit 1
fi

echo Exporting CRL to DER format...
openssl crl -in ca.crl.pem -outform DER -out ca.crl.der
if [ "$?" -ne "0" ]; then
  echo Error exporting CRL in DER format.
  exit 1
fi

echo Viewing CRL...
openssl crl -in ca.crl.pem -noout -text
if [ "$?" -ne "0" ]; then
  echo Error viewing CRL.
  exit 1
fi

The Most Common OpenSSL Commands and viewing a CRL

Found a helpful article today, The Most Common OpenSSL Commands.

The particular command I needed wasn’t listed there though. What I needed to do was examine the contents of my Certificate Revocation List (CRL) certificate. I had a problem connecting to my website because it was complaining about an expired certificate and the culprit was indeed the CRL as I discovered when I ran:

 $ openssl crl -inform CER -in ca.crl -text -noout