On Wed, 26 Jan 2000, Salz, Rich wrote:
> >can CRLs be signed by a certificate that is not the CA certificate
>
> No.
What do you mean by "the CA certificate"?
If you take a look at the SET specifications, then the CRLs can be signed
by a different private key and certificate than the ones used to generate
the certificates.... Basically, you have one certificate to sign the
certificates, and one other to sign the CRLs... A different key pair is
associated with each certificate.
The difference is in the keyUsage extension.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
