On 30.07.2013 19:51, Eisenacher, Patrick wrote:
keep in mind, that in case you detect a problem with your root certificate, you can revoke this cert, but have to use a different cert. for signing this CRLI was wondering how the root cert gets revoked. Anyway thanks for posting that request.A self-signed certificate can't be revoked via a crl, because you won't be able to successfully verify its signature.
You have to communicate this fact out-of-band.I never understood why some root-cas put a crldp extension into their own certs.
this has sense in any cert except the root (self-signed) cert. Walter
smime.p7s
Description: S/MIME Cryptographic Signature