I use a StartCom certificate, but it has never been used with OpenSSL, so I'm fine.
It costs money to maintain a CRL.
Maybe they could revoke their intermediate certificate and reissue certificates to everyone. That would take time to coordinate, and every month that goes by 1/12 of the bad certs expire anyway.
It costs money to maintain a CRL.
Maybe they could revoke their intermediate certificate and reissue certificates to everyone. That would take time to coordinate, and every month that goes by 1/12 of the bad certs expire anyway.