Chelo Malagon CSIC RedIRIS wrote:
>
> Hello all,
> I'd like to know if there is any way to remove a certificate from a
> CRL, for example when the validity time of a certificate which has
> been revoked has expired. (like says in the RFC 2459 "An entry may be
> removed from the CRL after appering on one regulary schedule CRL
> issued beyond the revoked certificate's validity
> period")
> I know that I can edit the index.txt file, delete the appropiate entry
> or write "E" insted of "R" in that entry, and update the CRL but I don't
> know if this is the correct way. Is there some non-manual way to perform
> this task?
>
> Regards,
> Chelo
But if you remove a revoked certificate from the list, how you can
remember
the validity period of a certificate ?
Removing a revoked certificate from the CRL, you re-enable it validity
from the
beginning to the end of life of the certificate, while the revocation
has reduced this period.
I think that this is an error (But maybe i'm wrong ?)
Good Work to the list!
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]