Table of Contents

About

A revoked certificate is a certificate that is in a list containing all revoked certificat.

This list is known as the crl or Certificate Revocation List

Management

Create

With Openssl 

# add the certificat into the index
openssl -revoke cert_to_revoke.pem
# Generates the CRL based on information in the index file
openssl ca -gencrl -out crl/your_revoked_certs.crl

Your server should be configured to use this list.

Examine

Csr Portecle Read

  • with the status openssl ca 1)command, you can Displays the revocation status of the certificate with the specified serial number
-status serial

Distribution Points

In the certificate as extension:

Crl Distribution Point

1)
ca command