>>>>> "Tom" == Tom Galloway <me at tomgalloway.co.uk> writes: Tom> Does anyone on the list know of a way of being able to test Tom> this? The way I've generally seen this tested in PKI software stacks is to check in an expired cert and private key into the source tree. It's not actually important that the private key for testing that some product not decript something in some situation be kept private:-)