I have revoked a certificate on my CA machine but one of the client browsers using that same certificate presents it and can actually get into the site requiring client certificate!!!
I load the certificate revocation list (CRL) from that machine and the revoked cert appears in that!!
Has anybody come across this scenario?