Hi List,
I would like to set up an OpenSSL-based offline Root CA.
Certificates issued by this Root CA contain a CDP.
I would like to issue CRLs every 3 days, which would mean that I would
have to take the offline Root CA online every 3 days.
Is there a way to let the Root CA issue a "CRL signer certificate",
which can then run on a different machine for CRL signature?
For OCSP it seems to be possible (RFC2560, 2.6 - "OCSP Signature
Authority Delegation"). Does anybody know whether it's possible for
CRLs using OpenSSL?
Thanks for any advice,
Sven
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org