A/I Orange Book (1.0): An how-to for the realization of a resilient network of self-managed servers

Chapter 7. Certification Authority

To revoke the web_cert.pem certificate you only need to type the command:

    $ openssl ca -revoke $CADIR/certs/web_cert.pem

Then you have to update the list of revoked certificates (CRL version 1):

    $ openssl ca -gencrl -out $CADIR/crl/cacrl.crl
    $ openssl crl -in $CADIR/crl/cacrl.crl \
          -out $CADIR/crl/cacrl.crl -outform DER

The second command is needed to convert the CRL from PEM format (a Base64-encoded file) to DER format, since some software does not accept PEM revocation lists.
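
The revoke-then-regenerate sequence above, run end to end against a throwaway CA: an added example, not part of the original how-to, showing that a revoked certificate keeps verifying until the CRL is regenerated. The temporary `$CADIR`, `ca.cnf`, the names `Demo CA` and `web.example.test`, and the PEM copy `cacrl.pem` (kept for the verify step) are constructed for the demo.

```shell
# Added example: every name and file below is constructed for the demo.
make_ca() {   # throwaway CA under $CADIR that issues certs/web_cert.pem
    mkdir -p "$CADIR/certs" "$CADIR/crl" "$CADIR/newcerts"
    : > "$CADIR/index.txt"; echo 01 > "$CADIR/serial"
    cat > "$CADIR/ca.cnf" <<EOF
[ ca ]
default_ca = demo
[ demo ]
database = $CADIR/index.txt
new_certs_dir = $CADIR/newcerts
serial = $CADIR/serial
certificate = $CADIR/ca.pem
private_key = $CADIR/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
EOF
    export OPENSSL_CONF="$CADIR/ca.cnf"   # so 'openssl ca' needs no -config
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -addext basicConstraints=critical,CA:TRUE -keyout "$CADIR/ca.key" -out "$CADIR/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=web.example.test" \
        -keyout "$CADIR/web.key" -out "$CADIR/web.csr" 2>/dev/null
    openssl ca -batch -notext -in "$CADIR/web.csr" -out "$CADIR/certs/web_cert.pem" 2>/dev/null
}
publish_crl() {   # regenerate the CRL (PEM), then write the DER copy for clients
    openssl ca -gencrl -out "$CADIR/crl/cacrl.pem" 2>/dev/null
    openssl crl -in "$CADIR/crl/cacrl.pem" -out "$CADIR/crl/cacrl.crl" -outform DER
}
check_cert() {    # verify web_cert.pem against the currently published CRL
    out=$(openssl verify -crl_check -CAfile "$CADIR/ca.pem" \
        -CRLfile "$CADIR/crl/cacrl.pem" "$CADIR/certs/web_cert.pem" 2>&1) && { echo OK; return; }
    case $out in *"certificate revoked"*) echo REVOKED ;; *) echo ERROR ;; esac
}
demo() {
    CADIR=$(mktemp -d); make_ca; publish_crl
    before=$(check_cert)
    openssl ca -revoke "$CADIR/certs/web_cert.pem" 2>/dev/null
    stale=$(check_cert)    # index.txt says revoked, the published CRL does not yet
    publish_crl
    after=$(check_cert)
    echo "$before $stale $after"; rm -rf "$CADIR"
}
demo
```

The middle result is the one to watch: between `-revoke` and `-gencrl` the certificate is revoked only in the CA database, and anything relying on the published CRL still accepts it.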