| A/I Orange Book (1.0): An how-to for the realization of a resilient network of self-managed servers | ||
|---|---|---|
| Prev | Chapter 7. Certification Authority | Next |
To revoke the web_cert.pem certificate you only need to type the command:
$ openssl ca -revoke $CADIR/certs/web_cert.pem
Then you have to update the list of revoked certificate (CRL version 1):
$ openssl ca -gencrl -out $CADIR/crl/cacrl.crl
$ openssl crl -in $CADIR/crl/cacrl.crl \
-out $CADIR/crl/cacrl.crl -outform DER
The second command is needed to convert the CRL from the PEM format (a
64base coded file) to a DER format, since some software does not accept PEM
revocations.