> Is there any
> other technical solution than generating once CRL with information about a
> certificate and then a newer CRL not containing the certificate?
I don't even think you're really "supposed" to do that. Most software
assumes
that once a cert is on a CRL it never comes off.
Many folks believe OCSP, which can handle the "now it's bad ... now it's
good"
model is a better way to go.
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
