Mario Fabiano wrote:
>
> I have just a remark and a question:
>
> openssl ca -revoke does not give back a return code, which should very
> useful when you invoke the command from a script.
Sure, if no one if going to patch this I can do it (as I wrote this part!)
it should not take long.
> openssl ca -revoke asks for the CA key protection password, but the CA
> key should be needed only to issue the CRL thst must be signed.
>
NO. As the CA, from now on will consider the certificate REVOKED and in
every CRL issued will mark it as R. Only the CA operator who knows the
ca key passwd should be able do revoke certificates.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
