Hello! What should I have do? I use Debian for subca, rootca is working on Fedora. I generated 400 cert on subca and distributed to clients. Last week I saw message about openssl vulnerability in Debian: "Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable." I check certs are Affected. So in this way I must revoked all client 's certs and subca cert in rootca. But i have a questions what about crl, where client find crl if I revoced (and genetated new) subca cert. I would like ask developers about way to find solution?? Macie
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users