But let me be somewhat more specific. If I use the openssl ca utility, it is technically possible to revoke a cert which has expired, for instance, for one year. If I generate a CRL (via the ca utility), the cert appears on the CRL.
Does this make any sense?

The crl tool has to be able to include an expired certificate in order to handle this flow:

    revoke -> crl-n -> expire -> crl-n+1 -> remove-from-crl-list


make sense?
        /r$

--
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
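
The flow above as a small model, added here as an example (not code from the post or from OpenSSL): a revoked entry stays listed until it has appeared on one CRL issued after the certificate's expiry, then drops off. The ToyCA class, serials and dates are constructed, and the retention rule is an assumption read from the flow; it does not describe what openssl ca itself does.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Entry:
    serial: int
    not_after: datetime                 # certificate expiry
    revoked_at: datetime
    listed_after_expiry: bool = False   # already shown on a post-expiry CRL


@dataclass
class ToyCA:
    """Hypothetical stand-in for a CA's revocation database."""
    revoked: dict = field(default_factory=dict)

    def revoke(self, serial, not_after, when):
        # Revoking an already expired certificate is accepted, as in the question.
        self.revoked.setdefault(serial, Entry(serial, not_after, when))

    def gen_crl(self, this_update):
        """Return the sorted serials on the CRL issued at this_update."""
        listed = []
        for serial, e in list(self.revoked.items()):
            if e.revoked_at > this_update:
                continue                        # not revoked yet at issue time
            if e.listed_after_expiry:
                del self.revoked[serial]        # "remove-from-crl-list"
                continue
            listed.append(serial)
            if this_update > e.not_after:
                e.listed_after_expiry = True    # this CRL is "crl-n+1"
        return sorted(listed)


def demo():
    t0, day = datetime(2004, 1, 1), timedelta(days=1)   # constructed dates
    ca = ToyCA()
    # 0x10: revoked while valid, expires at day 10.
    ca.revoke(0x10, not_after=t0 + 10 * day, when=t0 + 2 * day)
    # 0x20: revoked a year after it expired.
    ca.revoke(0x20, not_after=t0 - 365 * day, when=t0 + 2 * day)
    # Three CRLs: before 0x10 expires, after it expires, and one later.
    return [ca.gen_crl(t0 + n * day) for n in (5, 12, 19)]


if __name__ == "__main__":
    for n, crl in zip((5, 12, 19), demo()):
        print(f"CRL at day {n}: {[hex(s) for s in crl]}")
```

In this model the certificate revoked after expiry is listed on exactly one CRL before it is dropped, which is the same path a certificate revoked shortly before expiry takes.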
