diff --git a/ssl/client-certs/README.md b/ssl/client-certs/README.md
index 10ab5fd3..6130ee3a 100644
--- a/ssl/client-certs/README.md
+++ b/ssl/client-certs/README.md
@@ -28,3 +28,7 @@ openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.m
 > atat.mil.crt: OK
 ```
 
+To regenerate the crl:
+
+`openssl ca -gencrl -keyfile client-ca.key -cert client-ca.crt -out <cert_name>.crl -config crl_openssl.conf`
+`openssl crl -inform der -in client-ca.der.crl -noout -text`
diff --git a/ssl/client-certs/client-ca.der.crl b/ssl/client-certs/client-ca.der.crl
index 8ec9e37f..7eb07ee0 100644
Binary files a/ssl/client-certs/client-ca.der.crl and b/ssl/client-certs/client-ca.der.crl differ
diff --git a/ssl/client-certs/crl_openssl.conf b/ssl/client-certs/crl_openssl.conf
index 5c061883..c017a31d 100644
--- a/ssl/client-certs/crl_openssl.conf
+++ b/ssl/client-certs/crl_openssl.conf
@@ -8,7 +8,7 @@ database       = $dir/index.txt        # index file.
 # new_certs_dir  = $dir/newcerts         # new certs dir
 
 default_days   = 365                   # how long to certify for
-default_crl_days= 30                   # how long before next CRL
+default_crl_days = 365                 # how long before next CRL
 default_md     = md5                   # md to use
 
 policy         = policy_any            # default policy
diff --git a/tests/fixtures/crl/client-ca.der.crl b/tests/fixtures/crl/client-ca.der.crl
index 8ec9e37f..7eb07ee0 100644
Binary files a/tests/fixtures/crl/client-ca.der.crl and b/tests/fixtures/crl/client-ca.der.crl differ