On 05/21/2011 12:14 AM, Chris Richmond wrote:
> After fulfilling the cert request on the server then sending the
> resulting cert back to the client, the server does not need to do
> anything else with the cert at that point, since it was created with
> the CA and the server's truststore trusts all certs from that CA,
> correct?

Yes.

> Also, how does revocation work on individual certificates? For
> instance I have issued 10 certs signed by my CA, so how do I revoke 1
> or many of them and not simply "untrust" the entire CA?

You'd have a revocation list from your CA which the server would need to check.

- Dennis
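
An added example (not part of the original thread) of the revocation-list behaviour described in the reply above: a throwaway CA issues two client certs, revokes one, and publishes a CRL. It assumes the OpenSSL command-line tool as a stand-in for the server's verifier; the names alice, bob, "Demo CA" and all file names are constructed.

```shell
# Constructed demo: throwaway CA, client certs alice and bob, bob revoked.

build_demo() {  # $1 = empty working directory (call in a subshell; it cds)
  cd "$1" || return 1
  mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  req="openssl req -newkey rsa:2048 -nodes -config ca.cnf"
  $req -x509 -days 30 -subj "/CN=Demo CA" -keyout ca.key -out ca.pem || return 1
  for n in alice bob; do
    $req -new -subj "/CN=$n" -keyout "$n.key" -out "$n.csr" || return 1
    openssl ca -batch -config ca.cnf -notext -in "$n.csr" -out "$n.pem" || return 1
  done
  openssl ca -config ca.cnf -revoke bob.pem || return 1  # index.txt: bob V -> R
  openssl ca -config ca.cnf -gencrl -out ca.crl          # CA-signed list of revoked serials
}

# Chain-only check: what a truststore that merely trusts the CA does.
trusted() { openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1; }
# Chain plus CRL check: what the server has to do to honour a revocation.
trusted_crl() { openssl verify -CAfile "$1/ca.pem" -CRLfile "$1/ca.crl" -crl_check "$1/$2.pem" >/dev/null 2>&1; }

demo=$(mktemp -d) && (build_demo "$demo") >/dev/null 2>&1
for n in alice bob; do
  trusted "$demo" "$n" && a=accepted || a=rejected
  trusted_crl "$demo" "$n" && b=accepted || b=rejected
  echo "$n: chain-only=$a with-CRL=$b"
done
```

The revoked cert still passes the chain-only check, so revoking it at the CA has no effect until the verifying side loads a current CRL and checks against it.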
