leaf cert not before 20060417191040Z 19:10:40 Apr 17, 2006 not after 20160414191040Z 19:10:40 Apr 14, 2016 root cert not before 20060417190954Z 19:10:40 Apr 17, 2006 not after 20160414190954Z 19:10:40 Apr 14, 2016 CRL: not valid until well after leaf cert was created, valid for 10 years, revocation 12 hours after CRL is created $ makeCrl -s crlTestLeaf.cer -i crlTestRoot.cer -o crl.crl -n 315360000 -r 43200 ...wrote 282 bytes to crl.crl. this update 20060417210558Z 21:05:58 Apr 17, 2006 next update 20160414210558Z 21:05:58 Apr 14, 2016 cert revoked 20060418090558Z 09:05:58 Apr 18, 2006 Test cert at revoke + 1 ==> fail 20060418090559Z Test cert at revoke - 1 ==> OK 20060418090557Z Test cert at create with CRL ==> OK 20060417191040Z (before revocation, before CRL) Test cert at create w/o CRL ==> OK 20060417191040Z Test cert at create-1 w/o CRL - not yet valid 20060417191039Z Test cert at not after w/o CRL - OK 20160414191040Z Test cert at not after + 1 - fail 20160414191041Z Cert generated from CA in enclosed keychain, crlKeychain.keychaain, pwd = crlKeychain