Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 829

To revoke compromised or otherwise unwanted certificates, do the following:
1 Start YaST and open the CA module.
2 Select the required CA and click Enter CA.
3 Enter the password if entering a CA the first time. YaST displays the CA key
information in the Description tab.
4 Click Certificates (see
(page 808).)
5 Select the certificate to revoke and click Revoke.
6 Choose a reason to revoke this certificate
7 Finish with Ok.
NOTE
Revocation alone is not enough to deactivate a certificate. Also publish revoked
certificates in a CRL.
to create CRLs. Revoked certificates can be completely removed after publica-
tion in a CRL with Delete.
42.2.4 Changing Default Values
The previous sections explained how to create sub-CAs, client certificates, and server
certificates. Special settings are used in the extensions of the X.509 certificate. These
settings have been given rational defaults for every certificate type and do not normally
need to be changed. However, it may be that you have special requirements for these
extensions. In this case, it may make sense to adjust the defaults. Otherwise, start from
scratch every time you create a certificate.
1 Start YaST and open the CA module.
2 Enter the required CA, as described in
Sub-CA" (page 808).
Section 42.2.2, "Creating or Revoking a Sub-CA"
Section 42.2.5, "Creating CRLs " (page 813) explains how
Section 42.2.2, "Creating or Revoking a
Managing X.509 Certification 811