Chapter 14. CMC Revocation
The CMC Revocation utility, CMCRevoke, signs a revocation request with an agent's certificate.
14.1. Syntax
This utility has the following syntax:
CMCRevoke -d directoryName -n nickname -i issuerName -s serialName -m reasonToRevoke -c comment
Option  Description
-d      The path to the directory where the cert8.db, key3.db, and secmod.db databases containing certificates are located.
-n      The nickname of the agent's certificate.
-i      The issuer name of the certificate being revoked.
-s      The decimal serial number of the certificate being revoked.
-m      The reason the certificate is being revoked. The reason codes for the different allowed revocation reasons are as follows:
        • 0 - Unspecified.
        • 1 - Key compromised.
        • 2 - CA key compromised.
        • 3 - Affiliation changed.
        • 4 - Certificate superseded.
        • 5 - Cessation of operation.
        • 6 - Certificate is on hold.
-c      Text comments about the request.
NOTE
Surround values that include spaces in quotation marks.
14.2. Testing CMC Revocation
Test that CMC revocation is working properly by doing the following:
1. Create a CMC revocation request for an existing certificate. For example, if the directory
containing the agent certificate is /var/lib/pki-ca/alias, the nickname of the certificate is
CertificateManagerAgentCert, and the serial number of the certificate is 22, the command
is as follows:
CMCRevoke -d "/var/lib/pki-ca/alias" -n "CertificateManagerAgentCert" -i "cn=agentAuthMgr" -s 22 -m 0 -c "test comment"
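The wrapper below is an added example, not part of the original manual: it checks the arguments against the option table (all three databases present, decimal serial, reason code 0-6) before passing them to CMCRevoke. The function names and the CMCREVOKE override variable are assumptions made for this example.

```shell
# Added example: pre-flight checks for a CMCRevoke call.
# Function names and the CMCREVOKE override are hypothetical helpers;
# only the options documented in the table above are passed on.

# Print the documented meaning of a reason code; fail for anything but 0-6.
reason_text() {
    case "$1" in
        0) echo "Unspecified" ;;
        1) echo "Key compromised" ;;
        2) echo "CA key compromised" ;;
        3) echo "Affiliation changed" ;;
        4) echo "Certificate superseded" ;;
        5) echo "Cessation of operation" ;;
        6) echo "Certificate is on hold" ;;
        *) return 1 ;;
    esac
}

# Usage: cmcrevoke_checked dir nickname issuer serial reason comment
cmcrevoke_checked() {
    dir=$1 nick=$2 issuer=$3 serial=$4 reason=$5 comment=$6
    # -d must point at a directory holding all three security databases.
    for db in cert8.db key3.db secmod.db; do
        [ -f "$dir/$db" ] || { echo "missing $dir/$db" >&2; return 2; }
    done
    # -s takes a decimal serial; reject hex such as 0x16 or 1A.
    case "$serial" in
        ''|*[!0-9]*) echo "serial must be decimal: '$serial'" >&2; return 3 ;;
    esac
    # -m takes one of the reason codes 0-6.
    meaning=$(reason_text "$reason") || { echo "reason must be 0-6" >&2; return 4; }
    [ -n "$nick" ] && [ -n "$issuer" ] || { echo "nickname and issuer required" >&2; return 5; }
    echo "revoking serial $serial from $issuer: $meaning" >&2
    # Quoted expansions keep values with spaces as single arguments.
    "${CMCREVOKE:-CMCRevoke}" -d "$dir" -n "$nick" -i "$issuer" \
        -s "$serial" -m "$reason" -c "$comment"
}
```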