On 09-02-17 10:58, PM Extra wrote: > Should I remove expired certificates from CRL? No. The date of the revocation, which can be found in the CRL, is still relevant for checking when older certificates were revoked, in case you ever need to check signatures on older messages. -- Wouter Verhelst