Discussion:
Revoking a certificate using only a serial number?
Joe Gluck
2006-07-27 18:40:47 UTC
Does anyone know how I can revoke a certificate even if I don't have
the certificate file anymore (using openssl)? Can I just update the
index.txt line associated with this certificate, change the V to R and
add the revocation date? If this should work, does anyone already have a
script that does that? Or can someone help with the exact format of
the index.txt file?

Thanks,
Joe
Olaf Gellert
2006-07-28 09:35:14 UTC
Hi Joe,
Post by Joe Gluck
> Does anyone know how I can revoke a certificate even if I don't have
> the certificate file anymore (using openssl)? Can I just update the
> index.txt line associated with this certificate, change the V to R and
> add the revocation date? If this should work, does anyone already have a
> script that does that? Or can someone help with the exact format of
> the index.txt file?
Yes, that's the way: Just change V to R and add a
revocation date. Then issue a new CRL. You might
inspect the CRL afterward with

openssl crl -in crlfile.pem -text

and you should see that the serial number of the revoked
certificate is listed in the CRL.

Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og-***@public.gmane.org

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

Bernhard Froehlich
2006-07-28 09:58:48 UTC
Post by Olaf Gellert
> Hi Joe,
> Post by Joe Gluck
>> Does anyone know how I can revoke a certificate even if I don't have
>> the certificate file anymore (using openssl)? Can I just update the
>> index.txt line associated with this certificate, change the V to R and
>> add the revocation date? If this should work, does anyone already have a
>> script that does that? Or can someone help with the exact format of
>> the index.txt file?
> Yes, that's the way: Just change V to R and add a
> revocation date.
BTW, the revocation date is in ASN1_UTCTIME format, which is
YYMMDDHHMMSSZ (example: "060728115600Z"), if you revoke the cert
before the year 2050. ;)
[...]

Hope it helps,
Ted
;)
--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
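
The index.txt edit discussed in this thread, as an added example that is not part of any poster's message. The function names `revoke_by_serial` and `demo` are hypothetical, the column layout is the tab-separated one written by `openssl ca`, and the serial must be given as it appears in index.txt (for example `02`, not `2`).

```shell
#!/bin/sh
# Added example (not from the thread): revoke an index.txt entry by serial.
# index.txt columns, tab-separated:
#   1 status (V valid, R revoked, E expired)   2 expiry date (YYMMDDHHMMSSZ)
#   3 revocation date (empty while valid)      4 serial (hex)
#   5 certificate file name or "unknown"       6 subject DN

# revoke_by_serial INDEX SERIAL [REVOCATION_DATE]
# Returns 0 on success, 1 if the serial is absent, 2 if the entry is not in
# state V (for example already revoked). The file changes only on success.
revoke_by_serial() {
    index=$1
    serial=$(printf '%s' "$2" | tr 'a-f' 'A-F')      # index.txt uses upper-case hex
    when=${3:-$(date -u +%y%m%d%H%M%SZ)}             # UTCTime, as described above
    tmp=$(mktemp "${index}.XXXXXX") || return 3

    rc=0
    awk -F '\t' -v OFS='\t' -v serial="$serial" -v when="$when" '
        toupper($4) == serial {
            if ($1 == "V") { $1 = "R"; $3 = when; seen = 1 }  # V -> R, stamp date
            else           { seen = 2 }                       # leave R/E untouched
        }
        { print }
        END { exit (seen == 1 ? 0 : (seen == 2 ? 2 : 1)) }
    ' "$index" > "$tmp" || rc=$?

    if [ "$rc" -eq 0 ]; then
        # Keep a backup of the CA database before replacing it.
        cp -p "$index" "${index}.bak" && mv "$tmp" "$index"
    else
        rm -f "$tmp"
    fi
    return "$rc"
}

# Constructed sample data: two valid entries, then serial 02 is revoked.
demo() {
    dir=$(mktemp -d) || return 3
    printf 'V\t070727184047Z\t\t01\tunknown\t/CN=constructed-a.example\n' >  "$dir/index.txt"
    printf 'V\t070727184047Z\t\t02\tunknown\t/CN=constructed-b.example\n' >> "$dir/index.txt"
    revoke_by_serial "$dir/index.txt" 02 060728115600Z && cat "$dir/index.txt"
}
```

After a successful run, issue a new CRL with `openssl ca -gencrl` and check it with the `openssl crl` command shown earlier in the thread.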