[openssl-users] Should I / How to remove expired certificates from CRL

Wouter Verhelst wouter.verhelst at fedict.be
Thu Feb 9 11:40:49 UTC 2017


On 09-02-17 10:58, PM Extra wrote:
> Should I remove expired certificates from CRL?

No. The date of the revocation, which can be found in the CRL, is still 
relevant for checking when older certificates were revoked, in case you 
ever need to check signatures on older messages.

-- 
Wouter Verhelst


More information about the openssl-users mailing list