Hi Joe,
Joe Gluck wrote:
Does anyone know how can I revoke a certificate, even if I don't have
the certificate file anymore, (using openssl) can I just update the
index.txt line associated with this certificate, change the V to R and
add the revocation date? If this should work does anyone have already a
script that does that? Or can some one help with the exact format of
the index.txt file.
Yes, that's the way: Just change V to R and add a
revocation date. Then issue a new CRL. You might
inspect the CRL afterward with
openssl crl -in crlfile.pem -text
and you should see that the serial number of the revoked
certificate is listed in the CRL.
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
