> How can I get rid of the expired certificates in the revocation
> list? When I
> do openssl ca -gencrl -out revocationlist.crl -config myconfig.cfg the
> revoked certificates that are also expired are added into the
> list. It is no
> use to store them there because the revocation list grows big
unski schrieb:
How can I get rid of the expired certificates in the revocation list? When I
do openssl ca -gencrl -out revocationlist.crl -config myconfig.cfg the
revoked certificates that are also expired are added into the list. It is no
use to store them there because the revocation list grows
[EMAIL PROTECTED] wrote:
Hello Jon,
> It appears from my testing that the expiry time on a certificate is taken
> from the client's machine time, not the server time. I've tested this with
> IE 5.01 SP1 and Netscape 4.77.
No the expiry time should be encoded in the certificate.
The element for t
