diff --git a/include/opendht/crypto.h b/include/opendht/crypto.h
index 5fb9ae178b963ec508a452d15191bbc0ae0603c3..6566e9e50e40737b30095698b4b7f2c763f65f04 100644
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -314,7 +314,7 @@ struct OPENDHT_PUBLIC Certificate {
 std::string print() const;
 void revoke(const PrivateKey&, const Certificate&);
- std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const { return revocation_lists; }
+ std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const;
 void addRevocationList(RevocationList&&);
 void addRevocationList(std::shared_ptr<RevocationList>);
@@ -325,7 +325,7 @@ struct OPENDHT_PUBLIC Certificate {
 private:
 Certificate(const Certificate&) = delete;
 Certificate& operator=(const Certificate&) = delete;
- std::vector<std::shared_ptr<RevocationList>> revocation_lists;
+ std::set<std::shared_ptr<RevocationList>> revocation_lists;
 };
diff --git a/src/crypto.cpp b/src/crypto.cpp
index 784ce0f93ae866ee1b384560f78f2565c6d1246f..5a906fae75f6f0990dcf170110929f4da324155e 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -739,8 +739,8 @@ void
 Certificate::revoke(const PrivateKey& key, const Certificate& to_revoke)
 {
 if (revocation_lists.empty())
- revocation_lists.emplace_back(std::make_shared<RevocationList>());
- auto& list = *revocation_lists.back();
+ revocation_lists.emplace(std::make_shared<RevocationList>());
+ auto& list = *(*revocation_lists.begin());
 list.revoke(to_revoke);
 list.sign(key, *this);
 }
@@ -754,9 +754,11 @@ Certificate::addRevocationList(RevocationList&& list)
 void
 Certificate::addRevocationList(std::shared_ptr<RevocationList> list)
 {
+ if (revocation_lists.find(list) != revocation_lists.end())
+ return; // Already in the list
 if (not list->isSignedBy(*this))
 throw CryptoException("CRL is not signed by this certificate");
- revocation_lists.emplace_back(std::move(list));
+ revocation_lists.emplace(std::move(list));
 }
 std::chrono::system_clock::time_point
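Review bot: `std::set<std::shared_ptr<RevocationList>>` orders and deduplicates by pointer address, not by CRL content, so the new `revocation_lists` member keeps two separately allocated objects that hold the same CRL. That limits the "Already in the list" check in `addRevocationList` to the same `shared_ptr` being passed twice, and it makes the order returned by `getRevocationLists()` depend on heap addresses. If the goal is to drop equal CRLs, give the set a comparator over CRL identity (for example issuer and CRL number, or the encoded bytes). Otherwise say so on the member, e.g. `// keyed by pointer identity: only the same object is deduplicated`. The hunk also does not show `#include <set>` being added to crypto.h, so confirm it is included.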
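Review bot: `*(*revocation_lists.begin())` picks the list whose pointer compares lowest, not the most recently added one as `revocation_lists.back()` did. With more than one CRL attached, `revoke()` now adds the entry to, and re-signs, whichever list happens to sit at the lowest address, so the CRL that carries a new revocation can differ between runs. Consider keeping an explicit handle to the locally maintained list, or state the rule in a comment such as `// any attached CRL may receive the entry; set order is by pointer value`.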
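Review bot: `list` is dereferenced by `list->isSignedBy(*this)` without a null check, and the new `find(list)` early return does not catch an empty `shared_ptr`. Because this overload is public and may be handed a CRL that failed to parse upstream, reject that case before the lookup, e.g. `if (not list) throw CryptoException("null CRL");`. The signature check rightly stays ahead of the insert.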
@@ -869,6 +871,16 @@ Certificate::generate(const PrivateKey& key, const std::string& name, Identity c
 return ret;
 }
+std::vector<std::shared_ptr<RevocationList>>
+Certificate::getRevocationLists() const
+{
+ std::vector<std::shared_ptr<RevocationList>> ret;
+ ret.reserve(revocation_lists.size());
+ for (const auto& crl : revocation_lists)
+ ret.emplace_back(crl);
+ return ret;
+}
+
 RevocationList::RevocationList()
 {
 gnutls_x509_crl_init(&crl);
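Review bot: The copy loop in `getRevocationLists()` can be a single range construction, `return {revocation_lists.begin(), revocation_lists.end()};`, which replaces the manual `reserve`/`emplace_back` sequence. The function also has no doc comment. One line such as `/// Returns a snapshot copy of the attached CRLs; order is unspecified.` would tell callers not to index into the result.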