I am trying to implement a complex PKI and some parts are based on a Indirect CRL issued by a specific certificate.
I found that the "openssl verify" command works fine if I had the CRL issuer as "-untrusted" argument.
But this check doesn't work if I only add the CRLIssuer cert in the CApath (with `openssl rehash` operation).
The CA issuing the User certificate is offline, so I coudn't manage its CRL and my final use case is to implement the CRL verification by a server like Nginx or Apache. So, can I make it work with SSL_CONF_cmd and with which parameters?