I am currently experimenting with my self signed CA.
But in order for my devices to work I need a valid CRL.
I set the CDP to one of the CDN hosting providers. As I have only 5 certificates issued I have little chance of getting one of them revoked, so I would like to issue a long validity CRL and update it as I need it.
How can I do that with OpenSSL and how is the default expiration calculated?
I see that the crlnumber file increases and certutil displays something like
Base CRL(1014) time:11