How to revoke a certificat with the Certificate Revocation List (CRL) ?


A revoked certificate is a certificate that is in a list containing all revoked certificat.

This list is known as the crl or Certificate Revocation List



With Openssl

# add the certificat into the index
openssl -revoke cert_to_revoke.pem
# Generates the CRL based on information in the index file
openssl ca -gencrl -out crl/your_revoked_certs.crl

Your server should be configured to use this list.


  • with the status openssl ca 1)command, you can Displays the revocation status of the certificate with the specified serial number
-status serial

Distribution Points

In the certificate as extension:

Powered by ComboStrap