Let's say that I created an SSL certificate:
ipa service-add HTTP/www.test.lan
ipa service-add-host --hosts=ipa-server.test.lan HTTP/www.test.lan
ipa-getcert request -r -f /etc/pki/tls/certs/www.test.lan.crt -k /etc/pki/tls/private/www.test.lan.key -N CN=www.test.lan -D www.test.lan -K
and I installed it.
If the machine is compromised I would like to revoke it. What shall I do?
I saw you can stop renewing it via
ipa-getcert stop-tracking -i 20150319132153
and it seems that I can revoke it via
ipa cert-revoke --revocation-reason=1 0xC
Is it sufficient?
I didn't see the /var/lib/ipa/pki-ca/publish/MasterCRL.bin changed. I thought I
should find the revoked certificate inside this binary file?
Also, how can I print the content of MasterCRL.bin in a "readable" output?
PS: I have to confess that I don't master CRL and OCSP.
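Added example, not part of the original post: a shell check for whether a given serial (0xC in the message above) is listed in a CRL file, plus the human-readable dump it is built on. It assumes the published file is a DER-encoded X.509 CRL and that the openssl CLI is installed; the function names and the throwaway CA and CRL are constructed for illustration.

```shell
#!/bin/sh
# Added example. The CA, key and CRL built here are constructed test data.

# Build a throwaway CA in directory $1 and write a DER CRL to $1/crl.der that
# lists serial 0C as revoked with reason keyCompromise (reason code 1).
make_sample_crl() {
    d=$1
    mkdir -p "$d" || return 1
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
default_md = sha256
default_crl_days = 1
EOF
    # index.txt row: status, expiry, revocation date[,reason], serial, file, subject
    printf 'R\t350101000000Z\t240101000000Z,keyCompromise\t0C\tunknown\t/CN=www.test.lan\n' \
        > "$d/index.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl ca -gencrl -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.crt" \
        -out "$d/crl.pem" 2>/dev/null &&
    openssl crl -in "$d/crl.pem" -outform DER -out "$d/crl.der"
}

# Print the serial of every revoked entry in DER CRL $1, one per line.
# Returns 2 if the file cannot be parsed as a CRL.
crl_serials() {
    text=$(openssl crl -inform DER -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | sed -n 's/^ *Serial Number: *//p'
}

# Exit 0 if serial $2 (hex, optional 0x prefix, any case) is listed in CRL $1,
# 1 if it is not listed, 2 if the CRL is unreadable.
crl_has_serial() {
    want=$(printf '%s\n' "$2" | sed -e 's/^0[xX]//' -e 's/^0*//' | tr 'a-f' 'A-F')
    serials=$(crl_serials "$1") || return 2
    printf '%s\n' "$serials" | sed 's/^0*//' | grep -qxF "$want"
}

# Demo on the constructed CRL; a real check would pass the published CRL path.
tmp=$(mktemp -d) && make_sample_crl "$tmp" &&
    crl_has_serial "$tmp/crl.der" 0xC && echo "serial 0xC is listed as revoked"
rm -rf "$tmp"
```

The full readable dump, including each entry's revocation date and reason, is the output of the `openssl crl -inform DER -in FILE -noout -text` call that `crl_serials` wraps.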