Looking at RSE's mkcert.sh (from mod_ssl) I found that it is obviously *not* required to use the ca command to sign a CSR with a CA's certificate; this can very well be done with the x509 command.

OTOH, the ca command seems to be the only way to create a CRL. Is this observation correct? The crl command apparently allows CRL viewing only...

Thanks,
Stefan

--
There is much Obi-Wan did not tell you.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
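
The two operations the message contrasts, as an added example that is not part of the original post or of mkcert.sh: a CSR signed with x509 -req, then a CRL produced with ca -gencrl and read back with crl. The throwaway CA, the file names, the subject names and the ca.cnf section names are all constructed for this sketch, which assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; every name below is constructed.
demo_pki() (
    cd "$(mktemp -d)" || exit 1
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
crlnumber = crlnumber
default_md = sha256
default_crl_days = 7
EOF
    # Self-signed test CA, then a server key and CSR.
    openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
        -subj "/CN=server.example" -keyout server.key -out server.csr 2>/dev/null || exit 1
    # Sign the CSR with x509 -req: no ca command and no index.txt involved.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -set_serial 1 -days 30 -out server.crt 2>/dev/null || exit 1
    openssl verify -CAfile ca.crt server.crt >/dev/null || exit 1
    # CRL: ca -gencrl reads the (here empty) database and signs the list,
    # so it needs the config and database files that x509 -req did not.
    : > index.txt
    echo 01 > crlnumber
    openssl ca -config ca.cnf -gencrl -cert ca.crt -keyfile ca.key \
        -out ca.crl 2>/dev/null || exit 1
    # crl only reads it back: check the signature, then print the issuer.
    openssl crl -in ca.crl -CAfile ca.crt -noout 2>&1 | grep -q "verify OK" || exit 1
    openssl crl -in ca.crl -noout -issuer
)
demo_pki
```

Because x509 -req records nothing in index.txt, a certificate issued this way has no database entry for ca -gencrl to report unless one is added to the database separately.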