I can imagine that the list is refreshed on the valid until date, but that is an assumption. OCSP can have a performance drawback when each certificate is checked online.
I'll just try both ways, but first the generation of the sets of certificates.
Johan
[Message sent by forum member 'jcstover' (jcstover)]
http://forums.java.net/jive/thread.jspa?messageID=320869