Marco Nardelli wrote:
> So I basically need to understand :
>
> 1) what's the real return of the command "openssl ca -revoke $filename ....";
The function changes the state of the certificate in OpenSSL'S database
(index.txt - really a textfile). The "V" is changed to "R". (Please
check this because I'm not shure that the "R" is correct - I have no
example present actually.)
> 2) this is a description of "sub issueCrl()" , taken from OpenCA-OpenSSL-0.8.0a/
>OpenSSL.pm
> :
>
> sub issueCrl () - Issue a CRL.
>
> This function is used to issue a CRL. Accepted parameters
> are:
>
> CAKEY - CA private key file;
> CACERT - CA certificate file;
> PASSWD - Password to decrypt priv. CA key(*);
> DAYS - Days the CRL will be valid for(*);
> EXTS - Extentions to be added ( see the openssl.cnf
> pages for more help on this )(*);
> EXTFILE - Extensions file to be used (*);
> OUTFILE - Output file(*);
> OUTFORM - Output format (PEM|DER|NET|TXT)(*);
>
> But really I expected , as one of the arguments, the just revoked certificate
> or the old revoked certificates to update the old CRL :-(
That's not necessary. The CRL is created from OpenSSL's database
(index.txt and all certificates which includes "R").
Regards Michael
----------------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email (work):
[EMAIL PROTECTED]
Humboldt-University of Berlin Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6 Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core
Developer]
http://openca.sourceforge.net
S/MIME Cryptographic Signature
