Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 222

NOTE
Revocation alone is not enough to deactivate a certificate. Also publish revoked
certificates in a CRL.
create CRLs. Revoked certificates can be completely removed after publication
in a CRL with Delete.
17.2.5 Changing Default Values
The previous sections explained how to create sub-CAs, client certificates, and server
certificates. Special settings are used in the extensions of the X.509 certificate. These
settings have been given rational defaults for every certificate type and do not normally
need to be changed. However, it may be that you have special requirements for these
extensions. In this case, it may make sense to adjust the defaults. Otherwise, start from
scratch every time you create a certificate.
1 Start YaST and open the CA module.
2 Enter the required root CA, as described in
3 Click Advanced > Edit Defaults.
4 Choose the type the settings to change. The dialog for changing the defaults,
208 Security Guide
Section 17.2.6, "Creating CRLs"
a Sub-CA" (page 204).
shown in Figure 17.4, "YaST CA Module—Extended Settings"
opens.
(page 209) explains how to
Section 17.2.3, "Creating or Revoking
(page 209), then