You can't tell if it has been revoked. That's why they are 'trusted roots'. If you think your root ca has been compromised, that is when you usually hit the big red panic button and shut down the shop.
-----Original Message----- From: Jon Bendtsen [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 9:39 AM To: [EMAIL PROTECTED] Subject: how do i use a CRL file to verify a certificate against? i can verify a certificate against a root certificate, with openssl verify -CAfile root.ca rsacert.pem but how do i know that the certificate i try to verify has not been revoked? JonB ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]