Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 181

5 Click Add > Add Server Certificate and create a server certificate.
6 Click Add > Add Client Certificate and create a client certificate. Do not forget
to enter an e-mail address.
7 Finish with OK
To revoke compromised or otherwise unwanted certificates, do the following:
1 Start YaST and open the CA module.
2 Select the required root CA and click Enter CA.
3 Enter the password if entering a CA the first time. YaST displays the CA key
information in the Description tab.
4 Click Certificates (see
(page 166).)
5 Select the certificate to revoke and click Revoke.
6 Choose a reason to revoke this certificate
7 Finish with OK.
NOTE
Revocation alone is not enough to deactivate a certificate. Also publish revoked
certificates in a CRL.
create CRLs. Revoked certificates can be completely removed after publication
in a CRL with Delete.
17.2.5 Changing Default Values
The previous sections explained how to create sub-CAs, client certificates, and server
certificates. Special settings are used in the extensions of the X.509 certificate. These
settings have been given rational defaults for every certificate type and do not normally
need to be changed. However, it may be that you have special requirements for these
Section 17.2.3, "Creating or Revoking a Sub-CA"
Section 17.2.6, "Creating CRLs" (page 171) explains how to
Managing X.509 Certification 169