Please refer to the Revocation section of http://grid.ncsa.illinois.edu/myproxy/ca/ which provides example scripts for using the 'openssl ca' command to generate CRLs for use with MyProxy. The MyProxy software doesn't create CRLs itself. MyProxy requires the use of 'openssl ca' or equivalent for CRL creation.
On 1/14/13 2:30 PM, leo_cu...@lavabit.com wrote: > In order to myproxy service to generate the proxy certificates is > necessary trusted CA certificates in /etc/grid-security/certificates > folder, the CA certificate hash, signing policy and the crl certificate > and some oders. I obtained those needed files, creating a CA through > command line ( openssl way ) giving it a validity period of a year. I > created the crl file for this CA the same way, but, with the same > validity period, cause I didn'nt want to have problem with the "invalid" > crl problem. > > But now I want my system supports the revocation of users certicates and > that means if I revoque a user with my CA, myproxy should know it and > consequently wouldn't generate a credential for it, the next > myproxy-init. The way to do this is lowering the validity of the crl > (.r0) file less than a hour and updating the crl within a period of time > ( less than a hour or so ), using system tools like cron, but my > question is if there some myproxy tool that may do this... > >
