Re: openssl ca -revoke why need CA parm

2013-10-29 Thread Dirk-Willem van Gulik
On 28 Oct 2013, at 11:56, redpath wrote:
> I would like to know why the openssl CA command to revoke a cert (myfiletorevoke)
> needs the CA cert other than the cert I want to revoke.
>
> openssl ca -revoke myfiletorevoke -keyfile cakey -cert cacert -passin pass:CApas

Re: openssl ca -revoke why need CA parm

2013-10-28 Thread Stefan H. Holek
On 28.10.2013, at 11:56, redpath wrote:
> I would like to know why the openssl CA command to revoke a cert (myfiletorevoke)
> needs the CA cert other than the cert I want to revoke.

This is to prove the authority of the operator.

> openssl ca -revoke myfiletorevoke -keyfile

openssl ca -revoke why need CA parm

2013-10-28 Thread redpath
I would like to know why the openssl CA command to revoke a cert (myfiletorevoke) needs the CA cert other than the cert I want to revoke.

openssl ca -revoke myfiletorevoke -keyfile cakey -cert cacert -passin pass:CApass -config myconfig

I noticed that the command does not modify the cert I

Re: openssl ca -revoke

2013-07-30 Thread Jakob Bohm
On 20-07-2013 13:39, redpath wrote: Very nice tutorial http://pki-tutorial.readthedocs.org/en/latest/ So the issue is that there is no real Certificate Management Trust system available handling concurrency issues for a Database that works seamless with revocation commands and OCSP responder.

Re: openssl ca -revoke

2013-07-20 Thread redpath
used to secure store keys, but of course I need something to manage expiration of keys auto-magically.

Re: openssl ca -revoke

2013-07-20 Thread Stefan H. Holek
On 19.07.2013, at 22:33, redpath wrote:
> The command
>
> openssl ca -revoke ./demoCA/newcerts/1008.pem -config myconfig.cnf -passin pass:password
>
> seems to just update a database, the 1008.pem is not touched.
> Can someone tell me what this command really does for

openssl ca -revoke

2013-07-19 Thread redpath
The command

openssl ca -revoke ./demoCA/newcerts/1008.pem -config myconfig.cnf -passin pass:password

seems to just update a database, the 1008.pem is not touched. Can someone tell me what this command really does for revocation. Also why keep a list of revoked certs, just delete them and if not