About
A revoked certificate is a certificate that is in a list containing all revoked certificat.
This list is known as the crl or Certificate Revocation List
Management
Create
With Openssl
# add the certificat into the index
openssl -revoke cert_to_revoke.pem
# Generates the CRL based on information in the index file
openssl ca -gencrl -out crl/your_revoked_certs.crl
Your server should be configured to use this list.
Examine
- with Portecle
- with the status openssl ca 1)command, you can Displays the revocation status of the certificate with the specified serial number
-status serial
Distribution Points
In the certificate as extension: