On 8/16/05, Oliver Welter <[EMAIL PROTECTED]> wrote: > Hi Folks, > > I want to implement the batch process for revoking a certifiacte. > > Is it ok to just set the status of the certificate to "revoked" in the > certificate table ? > Will the backend then realized the certificate as revoked and includes > it in the CRL or must I create a CRR ??
No! The certificate will never compair in the CRL, because the OpenSSL index.txt file is not synchronized with the DB. You can make a cmd that does the same steps you do in the Web interface, so you create a CRR and then use the normal libCertificateRevoke function to revoke it. Note that you must also issue the CRL automatically and update the LDAP server. All this operations requires the CA token with the password set. However if I remember (I'm in vacation far from my work PC), there is a batch command for the revoke operation, but I can be wrong. -- Diego de Felice ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel
