Hi Dave, the problem with using this approach is that most applications do not recognize the extensions in CRLs properly... therefore once they have the CRL, they will think the certificate is revoked.. not suspended.
AFAIK, removefromCRL reason code should be used only in DeltaCRLs prior removing the certificate from the revoked list. I am not sure which software really supports this feature. OpenCA does not support delta CRLs... so, don't use it :D I noticed that there's no command to restore a certificate status back to VALID... I will add a new command for the next release so that it will be possible to restore a certificate's status. Cheers, Max On 04/05/2010 11:54 AM, blain...@gdls.com wrote:
Hi all, I have a person for which I want to revoke their certificate which reason code "on hold". (This person will be on long-term layoff but probably will return in several months). There is supposed to be a way in which I can restore this certificate to an active state (e.g. remove it from the CRL). I see there is a reason code "removefromCRL" but I don't see how to use it.
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
