Hi All,
Is it possible to revoke a self-signed CA certificate?

If yes, then I don't understand why it should be allowed. It does not make
sense. The only reason a root CA would want to revoke its own certificate is
if its private key might have been compromised. So, the CA would want to
revoke its certificate and create a new CRL.
But since the private key is compromised, the attacker can always use the
private key (of the CA), create yet another CRL and distribute it.

This looks like a chicken and egg problem because you are trusting a
CRL list sent by a CA and the CRL mentions not to trust the very same CA
since its certificate is revoked. What is the solution to this problem? Any
insights?
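The circularity above, shown as a toy relying-party model (an added example, not part of the original post). It assumes constructed names and stands in for the CA's real signature with an HMAC over the CRL body, so the code models only the decision logic, not X.509 encoding: a CRL that revokes its own issuer is treated as a compromise signal that must be acted on by removing the trust anchor out of band, because an attacker holding the same key can publish an equally valid "clean" CRL.

```python
"""Toy model of root-CA self-revocation. Constructed example: certificates and CRLs are
plain dataclasses and the CA 'signature' is an HMAC over the CRL body, standing in for
an RSA/ECDSA signature. The point is the relying-party logic, not the encoding."""
from dataclasses import dataclass
import hashlib
import hmac
import json


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    key: bytes  # toy: one secret signs and verifies (stand-in for a key pair)


@dataclass
class CRL:
    issuer: str
    revoked: tuple
    sig: bytes = b""


def body(crl):
    # Canonical bytes that the signature covers.
    return json.dumps({"issuer": crl.issuer, "revoked": sorted(crl.revoked)}).encode()


def sign_crl(issuer_key, issuer, revoked):
    crl = CRL(issuer, tuple(revoked))
    crl.sig = hmac.new(issuer_key, body(crl), hashlib.sha256).digest()
    return crl


def evaluate_crl(trust_anchors, crl):
    """Return (verdict, serials to treat as revoked). trust_anchors is the set of
    root certs configured out of band, e.g. an OS or application trust store."""
    anchor = trust_anchors.get(crl.issuer)
    if anchor is None:
        return "unknown-issuer", set()
    expected = hmac.new(anchor.key, body(crl), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, crl.sig):
        return "bad-signature", set()
    if anchor.serial in crl.revoked:
        # A root revoking itself proves nothing on its own: whoever holds the key could
        # just as well publish a clean CRL. Treat it as a compromise signal and remove
        # the anchor via a trust-store update, not by "trusting" the CRL's contents.
        return "self-revocation: remove anchor out-of-band", set()
    return "ok", set(crl.revoked)


ROOT = Cert("Example Root", "Example Root", 1, b"constructed-root-secret")  # constructed
LEAF_SERIAL = 42
TRUST = {"Example Root": ROOT}


def demo():
    # Legitimate CRL revoking a leaf and the root itself, versus a "clean" CRL made with
    # the same (compromised) key: both verify, so the signature cannot settle the matter.
    legit = sign_crl(ROOT.key, "Example Root", [LEAF_SERIAL, ROOT.serial])
    clean = sign_crl(ROOT.key, "Example Root", [])
    return evaluate_crl(TRUST, legit), evaluate_crl(TRUST, clean)
```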
