Hi,
We are running a CA that has thousands of revoked certificates,
which leads to CRLs of several MBytes.
On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates
will have different CRL Distribution
Nuno Ponte a écrit :
Hi,
We are running a CA that has thousands of revoked certificates,
which leads to CRLs of several MBytes.
On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates
will have
Hi Gilles,
Thanks for your reply! :-)
The CA also offers OCSP, which is obviously the preferred way to
validate certificate status. I am just trying to make sure that there
is support from the applications world to such a CRL partitioning
scheme. Wide interoperability is a key goal.