John Doe wrote: > [warn] Invalid signature on CRL > [error] Certificate Verification: Error (8): CRL signature failure Any relation to this? https://issues.apache.org/bugzilla/show_bug.cgi?id=45708 I've worked with a lot of ssl stuff in apache but have never touched CRL before. Interestingly enough I found last year that some of verisign's CRLs weren't built to scale, one of our customers put some content on their site that pointed back to us, which then triggered a call to the CRL for those people using IE and Symantec anti virus(which turned on the CRL option in IE), the site was a very high traffic site and the customers routinely got errors from the CRL site because it was overloaded with requests. So few use CRL, I really don't see the benefit, but I suppose in really controlled environments it could be useful(just not to me). nate