Hi,

let's say that I created an SSL certificate:

    ipa service-add HTTP/www.test.lan
    ipa service-add-host --hosts=ipa-server.test.lan HTTP/www.test.lan
    ipa-getcert request -r -f /etc/pki/tls/certs/www.test.lan.crt -k /etc/pki/tls/private/www.test.lan.key -N CN=www.test.lan -D www.test.lan -K HTTP/www.test.lan

and I installed it. If the machine is compromised I would like to revoke it. What shall I do?

I saw you can stop renewing it via

    ipa-getcert stop-tracking -i 20150319132153

and it seems that I can revoke it via

    ipa cert-find
    ipa cert-revoke --revocation-reason=1 0xC

Is it sufficient? I didn't see /var/lib/ipa/pki-ca/publish/MasterCRL.bin change. I thought I should find the revoked certificate inside this binary file?

Also, how can I print the content of MasterCRL.bin in a "readable" output?

Regards,
Nicolas Zin

PS: I have to confess that I don't master CRL and OCSP.
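
An added example, not part of the original post: one way to print a DER-encoded CRL such as MasterCRL.bin with the openssl command line and to check whether a serial such as 0xC is listed. The function names are hypothetical, and the sample CRL comes from a throwaway CA constructed inside the script, not from a FreeIPA CA.

```shell
#!/bin/sh
# Added example (not from the original post): read a DER CRL with openssl.

# Human-readable dump of a DER-encoded CRL such as MasterCRL.bin.
crl_dump() {
  openssl crl -inform DER -in "$1" -noout -text
}

# Succeeds if serial $2 (written 0xC, c or 0C) is listed in the DER CRL $1.
crl_has_serial() {
  hex=$(printf '%s' "$2" | sed 's/^0[xX]//' | tr 'abcdef' 'ABCDEF')
  # openssl prints serials as whole bytes, so pad to an even digit count.
  if [ $(( ${#hex} % 2 )) -eq 1 ]; then hex="0$hex"; fi
  crl_dump "$1" | grep -q "Serial Number: $hex\$"
}

# Constructed sample input: a throwaway CA (not a FreeIPA CA) whose CRL lists
# serial 0C as revoked for keyCompromise. Prints the path of the DER file.
make_demo_crl() {
  d=$(mktemp -d) || return 1
  cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
default_ca = demo
[demo]
database = $d/index.txt
crlnumber = $d/crlnumber
default_md = sha256
default_crl_days = 1
EOF
  echo 01 > "$d/crlnumber"
  # openssl ca index row: status, expiry, revocation date and reason, serial.
  printf 'R\t350101000000Z\t250101000000Z,keyCompromise\t0C\tunknown\t/CN=www.test.lan\n' \
    > "$d/index.txt"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -days 2 \
    -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl ca -config "$d/ca.cnf" -gencrl -keyfile "$d/ca.key" -cert "$d/ca.crt" \
    -out "$d/crl.pem" 2>/dev/null || return 1
  openssl crl -in "$d/crl.pem" -outform DER -out "$d/MasterCRL.bin" || return 1
  printf '%s\n' "$d/MasterCRL.bin"
}

# Demo run: dump the constructed CRL, then look for the revoked serial.
if crl=$(make_demo_crl); then
  crl_dump "$crl"
  if crl_has_serial "$crl" 0xC; then echo "0xC is listed as revoked"; fi
fi
```

Against a real file, call crl_dump and crl_has_serial with the path to the published CRL and the serial shown by ipa cert-find.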