Hi,

[...]
> > After that I generated a CRL (I own the CA) which then contained the
> > certificate with the serial 0x06.
> >
> > My question now is, would that be a proper workaround or is there a better
> > solution? Since the CRL only contains the serial numbers of the
> > certificates, this seems to work although it is not a very good
> > solution.
> It is a workaround if you consider the "ca" and "crl" commands as
> the only officially blessed way to manage certificates, just because it
> looks convenient at first glance.
>
> You may consider not to use the "ca" command at all, generate certs
> using "x509" instead, manage their status in whatever database you like
> and, in order to create a crl using "crl", you just create a temporary
> file with the R entries, etc.
> You may even go further and not use "crl" at all but create an asn.1
> input for "asn1parse", I leave this idea as an exercise ..
>
> in other words, once you have understood that you only need some
> file that has "R"s and numbers, ... your mind should be
> free to create them in any way you want.

Thanks for your help, that clarified things!

Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
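
The "temporary file with the R entries" idea from the quoted reply, as an added example that is not part of the original thread: it writes the index file by hand and lets `openssl ca -gencrl` sign a CRL from it. The CA, file names, subjects and the expiry date are constructed for the demo; revocation status would normally come from whatever database you keep.

```shell
#!/bin/sh
# Added example: build a CRL from a hand-written index file, without using
# "openssl ca" to issue or revoke anything. All names here are constructed.

# Print one revoked ("R") line in the tab-separated index format read by
# "openssl ca": status, expiry, revocation date, serial, file name, subject.
revoked_entry() {  # $1 = serial in hex, $2 = subject DN
    serial=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    # The serial must have an even number of hex digits, e.g. 6 -> 06.
    [ $(( ${#serial} % 2 )) -eq 0 ] || serial="0$serial"
    printf 'R\t%s\t%s\t%s\tunknown\t%s\n' \
        "350101000000Z" "$(date -u +%y%m%d%H%M%SZ)" "$serial" "$2"
}

# Create a throwaway CA in directory $1, sign a CRL listing the remaining
# arguments (hex serials) as revoked, and print the CRL in text form.
make_crl() {
    dir=$1; shift
    cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Constructed Example CA
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $dir/index.txt
default_md = sha256
default_crl_days = 30
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    : > "$dir/index.txt"
    for s in "$@"; do
        revoked_entry "$s" "/CN=constructed-$s" >> "$dir/index.txt"
    done
    openssl ca -gencrl -config "$dir/ca.cnf" -keyfile "$dir/ca.key" \
        -cert "$dir/ca.crt" -out "$dir/ca.crl" 2>/dev/null || return 1
    openssl crl -in "$dir/ca.crl" -noout -text
}

# Demo: list serial 0x06 (the serial from the thread) as revoked.
if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d) && make_crl "$tmp" 06 | grep 'Serial Number'; rm -rf "$tmp"
fi
```

Relying parties only see the serial and revocation date in the CRL, so the subject and expiry fields in the index only need to be well-formed for the file to load.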