Michael -
Here is what I do to revoke a certificate:
REM this copy is necessary because -revoke command does not do it; maybe
this is a bug?
openssl ca -revoke .\subca1\subca1ee.crt -config test.cnf -name sub_ca1
copy .\subca1\index.txt.new .\subca1\index.txt
openssl ca -gencrl -name root_ca -config test.cnf -out .\root\root.pem
REM ca does not have an outform and since openssl defaults to PEM we need to
convert the CRL to DER so Netscape, IE, etc can use it. I think ca should
have an -outform :)
openssl crl -inform pem -outform der -in .\root\root.pem -out
.\root\root.crl
del .\root\root.pem
-----Original Message-----
From: Michael J Clark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 6:01 PM
To: [EMAIL PROTECTED]
Subject: Revoke problem
Hi,
When I revoke a certificate, the crl file does not reflect this. The
index.txt file does though. The config file is pointing to the crl file.
Any ideas on how to get this to work right? Thanks alot
Mike ______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
