RE: CRL how to

Erwann ABALEA Tue, 25 Sep 2001 09:44:03 -0700
Hi Sarah,

Why do you want to include a client certificate in the CRL as soon as this
client certificate is created? Putting a certificate into the CRL means
it's revoked and no longer valid.

If you want to revoke a certificate, read the help proposed for the
'openssl ca' command.

Hope this helps.

On Tue, 25 Sep 2001, Sarath Chandra M wrote:

> Hi,
>       How to automatically put an entry in the CRL when a new
> Client certificate is generated.
>
> regards
> Sarath
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: 25 September 2001 13:28
> To: [EMAIL PROTECTED]
> Subject: RE: CRL how to
>
>
> Hi Sarath,
> In the openssl CA Directory there is a file named "index.txt" which contains
> a summary of
> the issued certificate. For example:
> V     020925082220Z           01      unknown
> /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Goofy
> V     020925082341Z           02      unknown /C=AU/ST=New
> Zeland/L=Wellington/O=Internet
> Widgits Pty Ltd/OU=uncle duck/CN=Gogo
> This entries must be modified in order to make the CRL:
> R     020925082220Z   010925090120Z   01      unknown
> /C=AU/ST=Some-State/O=Internet
> Widgits Pty Ltd/CN=Goofy
> R     020925082341Z   010925092341Z   02      unknown /C=AU/ST=New
> Zeland/L=Wellington/O=Internet
> Widgits Pty Ltd/OU=uncle duck/CN=Gogo
>
> At this point just enter the following statements at prompt:
> $ ca -gencrl -crldays 30 -out temp.pem
> $ crl2pkcs -in temp.pem -out pkcs7_crl.pem
>
> At this point you have a PKCS7 file containing a CRL, which can be imported
> into
> whatever application supporting it.
>
> Best Regards
>                                               [Gerardo Maiorano]
>
> -- Original Message --
>
> >
> >Hi,
> >    I have installed openssl and have started generating client
> >certificates. I would like to
> >know, how I can create and maintain CRLs.
> >
> >I would appreciate if anybody provides any help or resource pointers for
> >this.
> >
> >thanx in advance
> >Sarath Chandra M
> >
> >
>
>
>
> __________________________________________________________________
> Abbonati a Tiscali!
> Con VoceViva puoi anche ascoltare ed inviare email al telefono.
> Chiama VoceViva all' 892 800        http://voceviva.tiscali.it
>
>
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

-- 
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-----
That's not a bug, that's a feature.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: CRL how to

Reply via email to
