On Mon, Feb 24, 2020 at 12:09 PM Michael Wojcik < michael.woj...@microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Michael Leone > > Sent: Monday, February 24, 2020 09:37 > > > SO I was an idiot, and signed a certificate, but specified an invalid > location. i.e., > > I used a "/" instead of a "/" in the location. > > I assume that was supposed to be 'a "\" instead of a "/"', based on what > you have below. > Yes, I had it backwards. And I was able to find the file, and properly revoke it, after sending my initial email. I just haven't had time to go back and tell the list. > > > $ sudo openssl ca -in requests/<client>.req -out > certs\<client>-2020-02-24.<FQDN> > > > > And so I can't find that cert file anywhere (obviously). > > That's not obvious at all. I meant - obviously it's not in the subdirectory I thought it would be in ... > Does your CA configuration not have a new_certs_dir? Normally it will > create a copy of the certificate there, under the serial number. > > > I know the serial number of the wrongly issued cert, I had hoped I could > revoke > > using just the serial number. But searches tell me I can't do it that > way. > > Well, you *can*, by editing the CA's index.txt file directly. You can > create and revoke a test certificate to see what the altered line should > look like. (It will start with "R" instead of "V", and have a revocation > date. Fields are separated by tabs.) > Interesting. Thanks.
