CRL Watch Troubleshooting Tips and Source Code
244 views
Skip to first unread message
Andrew Ayer
Jan 19, 2026, 4:45:59 PMJan 19
to pub...@ccadb.org
To help CAs better troubleshoot and prevent problems detected by CRL Watch:
https://sslmate.com/labs/crl_watch/ now includes some troubleshooting tips which explain how to resolve common problems reported by CRL Watch.
https://sslmate.com/labs/crl_watch/ now has a form (at the bottom of the page) where you can submit a CRL URL or JSON array of partitioned CRLs for validation.
The source code used by CRL Watch to validate CRLs is now available at <https://github.com/SSLMate/crlutil>. It includes a command line tool, checkcrl, that can check a CRL, or a list of partitioned CRLs, in the same way that CRL Watch does.
Note that CRL Watch is not a linter - it just does basic sanity checks to make sure a CRL disclosure is correct. The best time to run checkcrl or use the online form is when updating a CCADB disclosure, to confirm that the information you're about to disclose is correct; for checking a CRL at signing time, use a linter.
Regards,
Andrew
https://sslmate.com/labs/crl_watch/ now includes some troubleshooting tips which explain how to resolve common problems reported by CRL Watch.
https://sslmate.com/labs/crl_watch/ now has a form (at the bottom of the page) where you can submit a CRL URL or JSON array of partitioned CRLs for validation.
The source code used by CRL Watch to validate CRLs is now available at <https://github.com/SSLMate/crlutil>. It includes a command line tool, checkcrl, that can check a CRL, or a list of partitioned CRLs, in the same way that CRL Watch does.
Note that CRL Watch is not a linter - it just does basic sanity checks to make sure a CRL disclosure is correct. The best time to run checkcrl or use the online form is when updating a CCADB disclosure, to confirm that the information you're about to disclose is correct; for checking a CRL at signing time, use a linter.
Regards,
Andrew
Trevoli Ponds-White
Feb 13, 2026, 12:55:58 PM (7 days ago) Feb 13
to CCADB Public, Andrew Ayer
Thanks Andrew. We've been finding the additionally clarity useful. One question we had was whether or not you can make a differentiation between items that are required vs optional? Similar to how the linters classify items as warnings vs errors?
Reply all
Reply to author
Forward
0 new messages