> -----Original Message-----
> From: redpath
>
> I agree with this
>
> "Once again, I would like to advocate that the openssl verification code
> should allow a self-signed certificate to revoke itself, using the same
> mechanisms as for revoking anything else."
>
> I was wondering how the root cert gets revoked. Anyway thanks for posting
> that request.

A self-signed certificate can't be revoked via a CRL, because you won't be able to successfully verify its signature. You have to communicate this fact out-of-band. I never understood why some root CAs put a CRLDP extension into their own certs.

Patrick Eisenacher