Dr. Stephen Henson wrote:
On Mon, Jan 16, 2006, Daniel Garca Franco wrote:
Hello!
I use the v2 of CRL, and i have to revoke the certificates
with 2 extension, CRL Revoke Reason and InvalidityDate, i Know how to
pass the first extension to openssl when i revoke a certificate, but
i don´t know how to pass the second extension.
I´m using the next command to revoke the certificates:
$>openssl ca -revoke cert.pem -config my_openssl_config_file.conf
-crl_reason the_reason
You specify one of the options:
-crl_compromise TIME
-crl_CA_compromise TIME
this sets the reason code to keyCompromise or cACompromise and the invalidity
time to TIME. Where time is in GeneralizedTime format: "YYYYMMDDHHMMSSZ".
Thanks Steve,
I would like to use other CRL Revoke Reason as "superseded",
"unspecified", etc... with the
CRL Entry Extension InvalidityDate, not that the use of CRL Entry
Extension InvelidityDate
force to set the CRL Revoke Reason to keyCompromise or cACompromise. ¿is
it possible?.
Thanks again
best regards,
--
Daniel García Franco E-mail: [EMAIL PROTECTED]
Red.ES/RedIRIS Tel:+34 955 05 66 27
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN
- Red Académica y Científica española (http://www.rediris.es/) -
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
