Hi John,
I am on el7 and alpine linux > > Personally I keep my certificate generation completely separate from my > Libreswan installation - I just import new certs and either delete or > import a CRL as required. > Yes I would like to have something similar, preferably stateless container. I have in the alpine linux container the root ca of some test certdb on el7. I am accepting everything from this root ca. So I just need to create a cert and I am done. > > > > I don't think you need to. The tool is for management of existing lists. > > Just delete the certificate from the DB and it is revoked. > I can't do that because certificates are in an external db on el7, the alpine linux container is not aware of this db. I have to specifically tell the alpine container that it is revoked. I chose this setup because I don't think I will need to revoke before the expiration date. But just in case, I like to be able to do this quickly. On windows there is a command certutil -revoke, but on el7 I do not have this. So I was wondering how certs are put on this crl in the db. I probably do not really get the concept here, this certutil is new to me. _______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan
