Revocation Automation Utility; Syntax - Red Hat CERTIFICATE SYSTEM 7.3 - COMMAND-LINE Manual

Chapter 25.

Revocation Automation Utility

The revoker utility sends revocation requests to the CA agent interface to revoke certificates. To
access the interface, revoker needs to have access to an agent certificate that is acceptable to the CA.
The revoker tool can do all of the following:
• Specify which certificate or a list of certificates to revoke by listing the hexadecimal serial numbers.
• Specify a revocation reason.
• Specify an invalidity date.
• Unrevoke a certificate that is currently on hold.

25.1. Syntax

The revoker utility has the following syntax:
revoker -s serialNumber -n rsa_nickname [-p password
| -w passwordFile] [-d dbdir] [-v] [-V] [-u] [-r reasoncode]
[-i numberOfHours] hostname:[port]
Option
s
n
p
w
d
v
V
u
r
Description
Gives the serial numbers in hexadecimal of the
certificates to revoke.
Gives the agent certificate nickname.
Gives the certificate database password. Not
used if the -w option is used.
Optional. Gives the path to the password file. Not
used if the -p option is used.
Optional. Gives the path to the security
databases.
Optional. Sets the operation in verbose mode.
Optional. Gives the version of the revoker tool.
Gives the reason to revoke the certificate. The
following are the possible reasons:
• 0 - Unspecified (default).
• 1 - The key was compromised.
• 2 - The CA key was compromised.
• 3 - The affiliation of the user has changed.
• 4 - The certificate has been superseded.
• 5 - Cessation of operation.
• 6 - The certificate is on hold.
73