Bill,

On Tuesday 17 December 2002 21:15, you wrote:
> Chris,
>
> My initial question would be why are you deleting the revoked certificates?
> A revoked certificate is a revoked certificate. Once a certificate is
> revoked, it remains that way for the rest of its life.
>
> Do you mean suspended certificates rather than revoked?
>

My understanding is that when you revoke a certificate at the RA it goes into a suspended state. You then export these CRRs to the CA, the CA does the revocation and produces a CRL, you then import the revoked certs back into the RA and the CRL. The process of updating the LDAP directory then removes the certificate binaries from the directory entries so that they can't be downloaded by innocent users looking for live certs.

This is how it seems to work for me.

One thing I have noticed is that all the certs have been deleted from the directory for one OU but not another. Is this a clue to the problem?

Chris...
