Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 835

To revoke compromised or otherwise unwanted certificates, do the following:
1 Start YaST and open the CA module.
2 Select the required CA and click Enter CA.
3 Enter the password if entering a CA the first time. YaST displays the CA key
information in the Description tab.
4 Click Certificates (see Section 42.2.2, "Creating or Revoking a Sub-CA"
(page 814).)
5 Select the certificate to revoke and click Revoke.
6 Choose a reason to revoke this certificate
7 Finish with Ok.
NOTE
Revocation alone is not enough to deactivate a certificate. Also publish revoked
certificates in a CRL. Section 42.2.5, "Creating CRLs " (page 819) explains how
to create CRLs. Revoked certificates can be completely removed after publica-
tion in a CRL with Delete.
42.2.4 Changing Default Values
The previous sections explained how to create sub-CAs, client certificates, and server
certificates. Special settings are used in the extensions of the X.509 certificate. These
settings have been given rational defaults for every certificate type and do not normally
need to be changed. However, it may be that you have special requirements for these
extensions. In this case, it may make sense to adjust the defaults. Otherwise, start from
scratch every time you create a certificate.
1 Start YaST and open the CA module.
2 Enter the required CA, as described in Section 42.2.2, "Creating or Revoking a
Sub-CA" (page 814).
Managing X.509 Certification 817