On 19.07.2013, at 22:33, redpath wrote: > The command > > openssl ca -revoke ./demoCA/newcerts/1008.pem -config myconfig.cnf -passin > pass:password > > seems to just update a database, the 1008.pem is not touched. > Can someone tell me what this command really does for revocation.
Correct. You then use the openssl -gencrl command to create a new CRL from the db. You may want to check out the tutorial linked from my sig. Cheers, Stefan -- Stefan H. Holek ste...@epy.co.at http://pki-tutorial.readthedocs.org | http://pgpdump.net ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org