On 28.10.2013, at 11:56, redpath wrote:

> I would like to know why the openssl CA command to revoke a cert
> (myfiletorevoke)
> needs the CA cert other than the cert I want to revoke.

This is to prove the authority of the operator.

> openssl ca -revoke myfiletorevoke -keyfile cakey -cert cacert -passin pass:CApass -config myconfig
>
> I noticed that the command does not modify the cert I want to revoke anyway,
> well at least the date
> stays the same and the -text shown is the same.

Correct. The certificate is not modified, only the CA's certificate database is. Subsequent CRLs issued by the CA will include the revoked certificate.

Cheers,
Stefan

--
Stefan H. Holek
ste...@epy.co.at
http://pki-tutorial.readthedocs.org | http://pgpdump.net
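
The behaviour described in the reply above, as an added example that is not part of the original message: a script that builds a throwaway CA, issues and revokes one certificate, and reports that the certificate file is byte-for-byte unchanged while the CA database entry moves from V to R and a newly generated CRL lists the serial. The file names cakey, cacert, myconfig and myfiletorevoke follow the thread; the config contents, subject names and leaf key are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp directory. File names follow the
# thread (cakey, cacert, myconfig, myfiletorevoke); everything else is constructed.
q() { "$@" >/dev/null 2>&1; }   # run a command quietly, keep its exit status

revoke_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    trap 'rm -rf "$d"' EXIT
    mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
    cat > myconfig <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
EOF
    ca="-keyfile cakey -cert cacert -passin pass:CApass -config myconfig"
    # CA key (encrypted with CApass) and self-signed CA certificate
    q openssl req -x509 -newkey rsa:2048 -passout pass:CApass -keyout cakey \
        -out cacert -subj "/CN=Demo CA" -days 30 -config myconfig || exit 1
    # Leaf key and CSR, then the certificate that will be revoked
    q openssl req -new -newkey rsa:2048 -nodes -keyout leafkey -out leaf.csr \
        -subj "/CN=leaf.example" -config myconfig || exit 1
    q openssl ca -batch -notext $ca -in leaf.csr -out myfiletorevoke || exit 1

    sum_before=$(cksum < myfiletorevoke); db_before=$(cut -f1 index.txt)
    q openssl ca -revoke myfiletorevoke $ca || exit 1   # command from the thread
    sum_after=$(cksum < myfiletorevoke);  db_after=$(cut -f1 index.txt)

    # A CRL issued after the revocation lists the certificate's serial number
    q openssl ca -gencrl $ca -out crl.pem || exit 1
    in_crl=$(openssl crl -in crl.pem -noout -text | grep -c 'Serial Number: 01')

    [ "$sum_before" = "$sum_after" ] && same=yes || same=no
    echo "cert_unchanged=$same db=$db_before->$db_after crl_entries=$in_crl"
)

revoke_demo
```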