Figure 42.2 YaST CA Module—Using a CA
4 Click Advanced and select Create SubCA. This opens the same dialog as for
creating a root CA.
5 Proceed as described in Section 42.2.1, "Creating a Root CA" (page 812).
6 Select the tab Certificates. Reset compromised or otherwise unwanted sub-CAs
here using Revoke. Revocation is not enough to deactivate a sub-CA on its own.
Also publish revoked sub-CAs in a CRL. The creation of CRLs is described in
Section 42.2.5, "Creating CRLs " (page 819).
7 Finish with Ok
42.2.3 Creating or Revoking User
Certificates
Creating client and server certificates is very similar to the one for creating CAs in
Section 42.2.1, "Creating a Root CA" (page 812). The same principles apply here. In
certificates intended for e-mail signature, the e-mail address of the sender (the private
key owner) should be contained in the certificate to enable the e-mail program to assign
the correct certificate. For certificate assignment during encryption, it is necessary for
Managing X.509 Certification
815