We do this here.
Ensure your URLs are "application/x-x509-crl", and the CRL is DER encoded and you'll be fine.
Cisco did a real good job with their PKI support in the VPN-3000 series - I wish I could say the same for IOS (our CA has a serial number of "0", and IOS refuses to trust a CA with a serial <1. Strange - I always thought 0 was an integer as required by the SSL RFCs... :-()
-- Cheers
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]