I’m using Openldap with TLS and CRL. My slapd.conf file has the line “TLSCRLCheck all” in it. When the CRL has expired the client is not allowed to make an TLS connect. My question is whether it is possible to configure openldap to still let the client connect to the server (possibly with a warning) when the CRL has expired. Does anyone know if it is possible and of it can be achieved in that case?