Goetz Babin-Ebell <[EMAIL PROTECTED]> writes: >Everybody can issue a CRL. Only a CA with CRL signing enabled can issue a CRL. >A CA can issue a CRL with own revokated certificates but it can issue a CRL >with revoked certificates of other CAs (at least in X509v3...) A CA can't revoke another CA's certificates, only certificates which it has issued. Peter. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
- Re: CRLs and self-signed root certs. Peter Gutmann
- Re: CRLs and self-signed root certs. Goetz Babin-Ebell
- Re: CRLs and self-signed root certs. Jean-Marc Desperrier
- Re: CRLs and self-signed root certs. Bodo Moeller
- Re: CRLs and self-signed root certs. Ben Laurie
- Re: CRLs and self-signed root certs. Bodo Moeller
- Re: CRLs and self-signed root certs. Mats Nilsson
- Re: CRLs and self-signed root certs. Goetz Babin-Ebell
- RE: CRLs and self-signed root certs. Frank Balluffi
- Re: CRLs and self-signed root certs. Goetz Babin-Ebell
- Re: CRLs and self-signed root certs. Peter Gutmann
- Re: CRLs and self-signed root certs. Rich Salz
- Re: CRLs and self-signed root certs. Goetz Babin-Ebell
- RE: CRLs and self-signed root certs. Frank Balluffi
- Re: CRLs and self-signed root certs. Peter Gutmann
- Re: CRLs and self-signed root certs. Rich Salz
