Chapter 6. Revoking Certificates and Issuing CRLs
revoker -d "/var/lib/pki-ca/alias" -n "ManagerAgentCert" -i "cn=agentAuthMgr" -s 22 -m 0 -c "test comment"
2. Open the end-entities page.
https://server.example.com:9444/ca/ee/ca
3. Select the Revocation tab.
4. Select the CMC Revoke link on the menu.
5. Paste the output from the revoker into the text area.
6. Remove -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE
REQUEST----- from the pasted content.
7. Click Submit.
8. The returned page should confirm that the correct certificate has been revoked.
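Step 6 can be done by script instead of by hand. The following is an added example, not part of the original manual: the hypothetical helper strip_cmc_armor assumes the revoker output is a single base64-encoded DER structure between the two armor lines, removes those lines, and rejects a body that does not decode to a DER SEQUENCE, so a truncated or mangled request is caught before it is pasted. The sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the manual): automate step 6 of the procedure.
# Assumption: revoker output is one base64-encoded DER structure wrapped in
# the "NEW CERTIFICATE REQUEST" armor lines named in step 6.

# Constructed sample: base64 of the 5-byte DER value SEQUENCE { INTEGER 5 },
# standing in for a real revocation request.
sample_revoker_output() {
    printf '%s\n' \
        '-----BEGIN NEW CERTIFICATE REQUEST-----' \
        'MAMCAQU=' \
        '-----END NEW CERTIFICATE REQUEST-----'
}

# strip_cmc_armor (hypothetical helper): stdin = revoker output,
# stdout = bare base64 body ready to paste into the CMC Revoke text area.
# Returns 1 and prints nothing on stdout when the body is empty, is not
# valid base64, or does not begin with the DER SEQUENCE tag (0x30).
strip_cmc_armor() {
    # Drop CR from CRLF files, then delete armor lines (any dash count)
    # and blank lines.
    body=$(tr -d '\r' |
        sed -e '/^-*BEGIN NEW CERTIFICATE REQUEST-*$/d' \
            -e '/^-*END NEW CERTIFICATE REQUEST-*$/d' \
            -e '/^[[:space:]]*$/d')

    [ -n "$body" ] || { echo "no request body found" >&2; return 1; }

    # The remaining text must decode cleanly as base64.
    printf '%s\n' "$body" | base64 -d >/dev/null 2>&1 ||
        { echo "body is not valid base64" >&2; return 1; }

    # The first decoded byte must be 0x30, the DER tag for SEQUENCE.
    first=$(printf '%s\n' "$body" | base64 -d | od -An -tx1 -N1 | tr -d ' \n')
    [ "$first" = "30" ] ||
        { echo "decoded body is not a DER SEQUENCE" >&2; return 1; }

    printf '%s\n' "$body"
}

# Demonstration on the constructed sample.
sample_revoker_output | strip_cmc_armor
```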
6.3. Issuing CRLs
1. The Certificate Manager uses its CA signing key to sign CRLs. To use a separate signing key pair
for CRLs, set up a CRL signing key and change the Certificate Manager configuration to use this
key to sign CRLs. See Section 6.3.4, "Setting a CA to Use a Different Certificate to Sign CRLs" for
more information.
2. Set up CRL issuing points. An issuing point is already set up and enabled for a master CRL.
Figure 6.1. Default CRL Issuing Point
Additional issuing points for the CRLs can be created. See Section 6.3.1, "Configuring Issuing
Points" for details.
There are four types of CRLs the issuing points can create, depending on the options set when
configuring the issuing point to define what the CRL will list:
• Master CRL contains the list of revoked certificates from the entire CA.