On 08/09/2012 12:57 PM, int0...@safe-mail.net wrote:
Hi
...
After that I generated a CRL (I own the CA) which then contained the certificate with the serial 0x06. My question now is, would that be a proper workaround or is there a better solution? Since the CRL only contains the serial numbers of the certificates, this seems to work although it is not a very good solution.
It is a workaround if you consider the "ca" and "crl" commands as the only officially blessed way to manage certificats,. just because it looks convenient at first glance. You may consider not to use the "ca" command at all, generate certs using "x509" instead, manage their status in whatever database you like and, in order to create a crl using "crl", you just create a temporary file with the R entries, etc. You may even go further and not use "crl" at all but create an asn.1 input for "asn1parse", I leave this idea as an exercise .. in other words, once you have understood that you only need some file that has "R"s and numbers, ... your mind should be free to create them in any way you want.
Thanks for your help, Martin ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
