In the book "Network Security with OpenSSL" on pages
124-125 is a list of OpenSSL commands to create a root
CA, and a server CA signed with the root CA.
My question is, how would I use the openssl CA command
to revoke the server CA certificate by the root CA,
and generate a CRL?
I have tried "openssl ca -revoke ....." and "openssl
ca -crl ......" without success.
----
Here are the commands to create the root CA:
1. openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
2. openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
3. cat rootcert.pem rootkey.pem > root.pem
And to create the server CA signed by the root CA:
4. openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey.pem -out serverCAreq.pem
5. openssl x509 -req -in serverCAreq.pem -sha1 -extensions v3_ca -CA root.pem -CAkey root.pem -CAcreateserial -out serverCAcert.pem
6. cat serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
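
Added example, not part of the original post or the book: `openssl ca` revokes and issues CRLs from a text database named in a config file, which the `openssl x509 -req` steps above never create. The sketch below builds that state and runs the revoke and CRL steps; ca.cnf, index.txt, crlnumber, root.crl and the subject names are assumed names, and the throwaway keys are unencrypted 2048-bit/SHA-256 stand-ins for the post's root and server CA.

```shell
# Added example: revoke serverCAcert.pem with the root CA and issue a CRL.
# Everything is generated in a temp dir so the function runs stand-alone;
# subject names, ca.cnf and the file layout are constructed for illustration.
revoke_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Stand-ins for the root CA and server CA from steps 1-6 of the post.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
      -subj "/CN=Demo Root CA" -keyout rootkey.pem -out rootcert.pem 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=Demo Server CA" \
      -keyout serverCAkey.pem -out serverCAreq.pem 2>/dev/null || exit 1
    openssl x509 -req -in serverCAreq.pem -sha256 -days 30 -CA rootcert.pem \
      -CAkey rootkey.pem -CAcreateserial -out serverCAcert.pem 2>/dev/null || exit 1

    # "openssl ca" needs a certificate database; start with an empty index
    # and a CRL number file, then point a minimal config at them.
    : > index.txt
    echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = root_ca
[ root_ca ]
database         = ./index.txt
crlnumber        = ./crlnumber
certificate      = ./rootcert.pem
private_key      = ./rootkey.pem
default_md       = sha256
default_crl_days = 30
EOF
    # Revoke: records the certificate's serial as "R" (revoked) in index.txt.
    openssl ca -config ca.cnf -revoke serverCAcert.pem || exit 1
    # Generate a CRL signed by the root key from the database contents.
    openssl ca -config ca.cnf -gencrl -out root.crl || exit 1

    # Confirm the server CA's serial is listed in the CRL.
    serial=$(openssl x509 -in serverCAcert.pem -noout -serial | cut -d= -f2)
    openssl crl -in root.crl -noout -text | grep -q "Serial Number: $serial"
  )
  rc=$?
  rm -rf "$d"
  return $rc
}
```

With an existing root CA, keep index.txt and crlnumber alongside it and set `certificate` and `private_key` to rootcert.pem and rootkey.pem; clients only see the revocation if they are configured to fetch and check root.crl.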