I am running a Windows 2008 SP2 Enterprise CA. Today, I've noticed that if I revoke an expired certificate, it shows up in the "Revoked Certificates" container of the CA Management snap-in, however, if I publish a new CRL, that cert's SN is not included on the CRL. Since the cert was expired, is it safe to assume that this is the CA operating as expected? Is there a switch you can toggle to include expired revoked certs on the CRL (not that I necessarily would want to; just curious).
Thanks in advance