Hello there,

Thanks a lot for your help and input.
Actually i found a solution to the problem. Entrust allows partitioned CRLs
by default (CRLs are splited for scalability purposes) but you can enable
the combined CRL which will not be splitted (for compatibilty, as the
partioned CRL is only an option in the standard). So this one works well
with openssl/mod_ssl.
Those 2 CRLs (combined and partitioned) will work both at the same time
without problems.

If you want more info on that, don't hesitate to ask me.

Cheers,

Alec
________________________________________________________________________________________

>From "Schaefer,Lorrayne J." <[EMAIL PROTECTED]> on 12 December 2001
9:07:02
To : [EMAIL PROTECTED]
Copy To : [EMAIL PROTECTED]
Subject : Re: Multiple CRLs with same CA


Hi everyone.  I was chatting with an Entrust engineer yesterday about
partitioned CRLs (this is where you can break it down my something such as
size).  The only CA that currently do this to my knowledge is Entrust.

I agree with Rich Salz's response.  OCSP is a great way to go (and,
Valicert offers an Apache plug-in).  :-)

Lorrayne



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

--------------------------------------------------------------------------------------------

Alec Barea
PKI engineering team
Equant
Tel:  +1 514 847-3436
CVS: 225 3436

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to