On Tue, 12 Apr 2011, Chen, Xuli (James) wrote: > If ipsec certificate is revoked in CRL, as expected openswan tears down connection. After this, will openswan bring the connection up if the CRL is updated to not revoke the certificate again? It should. It has no "memory" of what is revoked other then what's in the loaded CRL. Paul