diff --git a/cas/softcas/softcas.go b/cas/softcas/softcas.go
index bec1d81e..0b2270bb 100644
--- a/cas/softcas/softcas.go
+++ b/cas/softcas/softcas.go
@@ -133,7 +133,11 @@ func (c *SoftCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1
 // CreateCRL will create a new CRL based on the RevocationList passed to it
 func (c *SoftCAS) CreateCRL(req *apiv1.CreateCRLRequest) (*apiv1.CreateCRLResponse, error) {
- revocationListBytes, err := x509.CreateRevocationList(rand.Reader, req.RevocationList, c.CertificateChain[0], c.Signer)
+ certChain, signer, err := c.getCertSigner()
+ if err != nil {
+ return nil, err
+ }
+ revocationListBytes, err := x509.CreateRevocationList(rand.Reader, req.RevocationList, certChain[0], signer)
 if err != nil {
 return nil, err
 }
diff --git a/db/db.go b/db/db.go
index 5b7bfc21..ccaf4056 100644
--- a/db/db.go
+++ b/db/db.go
@@ -127,14 +127,6 @@ type CertificateRevocationListInfo struct {
 DER []byte
 }
-// CertificateRevocationListInfo contains a CRL in DER format and associated
-// metadata to allow a decision on whether to regenerate the CRL or not easier
-type CertificateRevocationListInfo struct {
- Number int64
- ExpiresAt time.Time
- DER []byte
-}
-
 // IsRevoked returns whether or not a certificate with the given identifier
 // has been revoked.
 // In the case of an X509 Certificate the `id` should be the Serial Number of
@@ -224,7 +216,7 @@ func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error) {
 return nil, err
 }
 var revokedCerts []RevokedCertificateInfo
- now := time.Now().UTC()
+ now := time.Now().Truncate(time.Second)
 for _, e := range entries {
 var data RevokedCertificateInfo
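Review bot: `certChain[0]` in CreateCRL is indexed with no length check, so if `c.getCertSigner()` ever returns an empty chain together with a nil error, CRL generation panics instead of returning an error. getCertSigner is defined outside this hunk, so that case cannot be ruled out from here. A guard such as `if len(certChain) == 0 { return nil, errors.New("softcas: no issuer certificate available to sign the CRL") }` before the `x509.CreateRevocationList` call would make the failure explicit (this assumes the file imports `errors`). The bare `return nil, err` also drops the fact that the failure happened while obtaining the CRL signer; wrapping it with context would help whoever reads the CA log. The function body continues past the end of the hunk.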
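Review bot: The new `now := time.Now().Truncate(time.Second)` in GetRevokedCertificates has no comment saying why the timestamp is truncated or why `.UTC()` was dropped, and the loop that uses `now` continues outside this hunk. If `now` is only compared against stored expiry times the zone does not matter, but truncating moves the cut-off up to a second earlier. Which side of that boundary a certificate expiring in the current second falls on depends on the comparison operator, which is not visible here. Suggest a comment above the assignment, to be confirmed against the loop body: `// Whole-second precision to match stored certificate times; used only for comparison, so the zone is irrelevant.`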