![]() Originally I just wanted to secure and control access to my server now I just want to revoke some of that access. Is there a 'standalone' CRL generation command, as per cert creation? I don't care about persistence of CAs or respecting proper SSL 'theory' (otherwise there'd be no self-signing for a start). demoCA/index.txt: No such file or directory CRL generation seems to require an index.txt however: openssl ca -cert "ssl_ca/ca.crt" -keyfile "ssl_ca/ca.key" -revoke "ssl_badguy/badguy.p12" Now I need to revoke one such client certificate, which entails generating a CRL and adding it to Apache. ![]() The script below was hacked together for this purpose - note it uses the 'mini-CA' x509 method, therefore recording nothing in an index.txt. I generate self-signed client certificates for a little Apache server hosted under my stairs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |