Oliver Welter wrote:
I want to implement the batch process for revoking a certifiacte.Is it ok to just set the status of the certificate to "revoked" in the certificate table ? Will the backend then realized the certificate as revoked and includes it in the CRL or must I create a CRR ??
Difficult question and the answer is yesno. 0. it depends on the version 1. openca_0_9_2 1.1. normal way CRR --> REVOKED_CERTIFICATEIf the system sets the cert to revoked then we execute an OpenSSL command which changes the state in index.txt. A CRR is required for this action.
1.2. agressive modeSet cert to revoked and rebuild the index.txt (via recovery functionality). After this you can create a fresh CRL.
2. HEAD (planned)The only relevant thing for a CRL is the status of the certificate. The whole CRR process can be implemented like you want.
Michael -- _______________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
smime.p7s
Description: S/MIME Cryptographic Signature
