Skip to main content
shikhakolekar
Staff
shikhakolekar
Staff
December 14, 2025

Troubleshooting Tip: CRL import fails with error 'unable to load CRL file'

  • December 14, 2025
  • 0 replies
  • 418 views

Description

 

This article defines various errors and steps taken to solve these errors noticed while importing the CRL. A common error starts with 'unable to load CRL file'.

 

Scope

 

FortiAuthenticator v6.6.6. 

 

Solution

 

Ensure that the Certificate Revocation List has some contents; if the content shows 0 bytes, re-download the CRL from the CA.

Verify to see if the CRL file has not expired: 'next update' field. 

 

Nextupdatefield.png

 

If the wrong format is added, the error message is: 'Unable to load CRL file "filename"'.

 CRLerror.png

         

Formats as DER encoded, X.509 is supported, other formats as .cer, PEM, will fail. 

OpenSSL can be used to check the format: 'openssl crl -in CRL.crl -text -noout'.

 

Verify to see if any details are missing:

  • Serial Number.
  • Signature and version.
  • Last update.
  • Next update.
  • Issuer.
  • Revocation date and reason.

 

If the import fails with the error 'Unable to load CRL file. Ensure that it has a valid format and not empty'.

It works as expected for any version before v6.6.6.

 

Validformat.png

 

This issue is fixed in version 6.6.7.

      Terms & ConditionsAccessibility statement