That's what I'm not sure about either. I think the general knowledge about CRL
is low among developers and administrators, considering mine and googled
knowledge. I looked at verisign's Class 1 Public Primary Certification
Authority crl and it has validity from 2011-03-22 until 2011-07-01. Quit
Hodie IV Non. Mai. MMXI, Viliam Ďurina scripsit:
> Thanks very much for the hints. Finally, I decided to generate CRL for three
> years and replace it, when something needs to be revoked, if ever. I think
> the support is not good. We will have to distribute the CRL issuer
> certificate to partn
. And generally, the
support and knowledge about indirect crl is low among developers...
Viliam
On 2.5.2011 14:00, Eisenacher, Patrick wrote:
Hi Villiam,
-Original Message-
From: Viliam Durina
Sent: Monday, May 02, 2011 12:50 PM
To: openssl-users> Subject: Possibility to create
read my post:
http://www.mail-archive.com/openssl-users@openssl.org/msg63740.html
On 11-05-02 06:50 AM, Viliam Ďurina wrote:
> Hello,
>
> I'm doing my own CA with openssl and want to regularly generate CRLs.
> We plan limited use of the CA (say 1-2 certificates per year), so the
> CA private key
Hi Villiam,
> -Original Message-
> From: Viliam Durina
> Sent: Monday, May 02, 2011 12:50 PM
> To: openssl-users> Subject: Possibility to create CRL without the CA key
>
> Hello,
>
> I'm doing my own CA with openssl and want to regularly
> generate
Hello,
I'm doing my own CA with openssl and want to regularly generate CRLs. We plan
limited use of the CA (say 1-2 certificates per year), so the CA private key is
stored in a safe on a USB stick until it is used next time. But, as far as I
know, we will need it to generate CRL quite often. I
