OK. So as far as you're aware, there's not a way to avoid the requirement of the combined root cert/CRL file when checking for revoked certificates? I would prefer to just have to deal with the CRL in PEM format, but the CRL file must always be the CRL appended to the root cert, as far as I can tell. Thanks for your prompt responses, by the way.
From: rs...@akamai.com To: openssl-users@openssl.org Date: Wed, 30 Jul 2014 16:02:56 -0400 Subject: RE: Can't get my CRL to work on my OpenSSL client No, I was confused; when you said “append to the root cert” I thought you meant copying it into the local directory. You meant literally appending it to the cert. I suppose you could create a new file with a “similar” name… -- Principal Security EngineerAkamai Technologies, Cambridge MAIM: rs...@jabber.me Twitter: RichSalz