On Fri, 26 Mar 1999 20:57:16 +0100, you wrote:
>Hi,
>
>I have the need to revoke a certificate, anyway I cannot find the revoke
>facility to manage the job ( including altering the index.txt that I think
>is used to manage the CRL (??)).
>
I am going from memory here since I have not got any SSL code in front
of me.
The index.txt file is made up of a series of lines (one per
certificate issued). Each line contains the following fields:
1. Certificate state: This is a single character with 'V' for valid,
'E' for expired and 'R' for revoked.
2. Expiry date time string. I can not remember the exact format, but
it should be fairly easy to work out.
3. Revocation date (same format as above)
4. index number (a unique identifier for a certificate for a given CA)
There are some more fields which are not important to this exercise.
All fields are separated by tab characters (spaces will not make a
good substitute).
To revoke a certificate, find its entry in index.txt. The index number
is the most reliable search field, although for small CAs, the CN may
be more intuitive. Change the first field from a V to an R (revoked)
and change the third field (which will presently be empty... note two
tab characters after the expiry date - the revocation date goes
between these) to the date time string when you want the cert to be
revoked.
The next step is to regenerate the CRL. I have forgotten the syntax,
but if you have already generated one, this should not be a problem,
and redistribute the CRL to all users. The revoked entry in the index
file should not be removed until after the certificate expiry date.
Hope this helps,
Pete
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
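
The index.txt edit described in the message above, as an added example that is not part of the original post or of OpenSSL's code. It assumes the date strings are UTCTime (YYMMDDHHMMSSZ) and that the "more fields" are a filename and the subject DN; the sample index is constructed.

```python
from datetime import datetime, timezone

# Constructed sample index.txt (not from the original post). Assumed layout:
# state, expiry, revocation date, serial, filename, subject DN, tab-separated.
SAMPLE_INDEX = (
    "V\t000326205716Z\t\t01\tunknown\t/CN=alice.example\n"
    "V\t000326205716Z\t\t02\tunknown\t/CN=bob.example\n"
    "R\t000101000000Z\t990301120000Z\t03\tunknown\t/CN=carol.example\n"
)

def utctime(when):
    """Format a datetime as YYMMDDHHMMSSZ (assumed index.txt date format)."""
    return when.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ")

def revoke(index_text, serial, when):
    """Return index_text with the entry for `serial` marked revoked at `when`."""
    out, found = [], False
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            raise ValueError(f"malformed line (tabs required): {line!r}")
        if fields[3].upper() == serial.upper():
            found = True
            if fields[0] == "R":
                raise ValueError(f"serial {serial} is already revoked")
            fields[0] = "R"            # field 1: state V -> R
            fields[2] = utctime(when)  # field 3: the empty slot between two tabs
        out.append("\t".join(fields))
    if not found:
        raise LookupError(f"serial {serial} not in index")
    return "\n".join(out) + "\n"

def revoked_serials(index_text):
    """Serials a regenerated CRL would list: every entry in state R."""
    rows = (line.split("\t") for line in index_text.splitlines())
    return [f[3] for f in rows if f[0] == "R"]

if __name__ == "__main__":
    when = datetime(1999, 3, 26, 19, 57, 16, tzinfo=timezone.utc)
    updated = revoke(SAMPLE_INDEX, "02", when)
    print(updated, end="")
    print("CRL would list:", revoked_serials(updated))
```

After the index is updated, the CRL is regenerated with `openssl ca -gencrl`. Current OpenSSL releases also provide `openssl ca -revoke`, which performs this index update itself.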