
Tips: How to revoke a certificate and then update CRL

How to revoke a certificate and then update the CRL:

[root@igloo iglooCA]# cat index.txt
V       000815041905Z           01      unknown /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Certificates Administration/CN=Server Certificate/Email=root@xxxxxxxxxxxxxxxxxxxxxxxx
V       000819070705Z           02      unknown /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Information Software Development/CN=Terrence Miao/Email=t.miao@xxxxxxxxxxxxxxxxxx
V       000822050802Z           03      unknown /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Information Software Development/CN=Stephen Stebbing/Email=s.stebbing@xxxxxxxxxxxxxxxxxx
V       000907053010Z           04      unknown /C=Au/L=Macquarie/O=igloo CA/OU=Directory Server Administration/CN=igloo.its.unimacq.edu.au
V       000907061017Z           05      unknown /C=Au/ST=Victoria/L=Macquarie/O=igloo CA/OU=Directory Server Administration/CN=igloo.its.unimacq.edu.au

=========================================================
We wanna revoke the certificate whose serial number is 04
=========================================================

[root@igloo iglooCA]# openssl x509 -text -noout -in newcerts/04.pem 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=AU, ST=Victoria, L=Macquarie, O=igloo CA, OU=Certificates Administration, CN=igloo Certificate Authority/Email=root@xxxxxxxxxxxxxxxxxxxxxxxx
        Validity
            Not Before: Sep  8 05:30:10 1999 GMT
            Not After : Sep  7 05:30:10 2000 GMT
        Subject: C=Au, L=Macquarie, O=igloo CA, OU=Directory Server Administration, CN=igloo.its.unimacq.edu.au
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:b0:e7:a6:ad:c5:a8:f2:db:84:4d:9b:18:07:0a:
                    60:2a:a7:fb:59:fd:12:e6:25:7b:5a:ab:39:6a:f9:
                    44:d8:e1:04:b8:88:74:75:7c:57:b9:4b:98:78:18:
                    9e:4d:35:57:9d:24:e0:89:ea:aa:b1:60:d7:18:fb:
                    57:c3:fc:a2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                66:FC:1E:9B:BC:87:98:CE:25:65:A7:04:8B:2F:8C:20:C6:2E:9B:23
            X509v3 Authority Key Identifier: 
                keyid:D2:A1:92:D0:CB:05:C3:3A:2E:88:BD:54:94:FA:52:5A:D6:53:C6:88
                DirName:/C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Certificates Administration/CN=igloo Certificate Authority/Email=root@xxxxxxxxxxxxxxxxxxxxxxxx
                serial:00

    Signature Algorithm: md5WithRSAEncryption
        0f:b3:68:df:71:33:73:e2:a0:bb:73:af:f3:29:e5:76:a2:33:
        35:a9:4c:8d:2c:51:6a:db:dd:80:e3:7f:25:49:a8:ab:e6:9d:
        d4:08:0e:75:04:54:29:56:be:46:22:55:39:51:18:1c:71:5e:
        fd:3d:19:2c:0f:13:73:88:d5:c9:8c:60:ee:f8:c5:a0:6a:98:
        b1:cc:86:5a:f4:dc:47:a6:6b:06:44:57:27:4c:79:84:ba:a2:
        b0:cf:d5:80:be:43:0b:2f:51:f8:e2:c2:45:5f:b2:bf:a0:82:
        42:a9:1a:da:45:d3:66:01:97:5e:fd:4f:72:c8:6c:a1:18:7c:
        f3:1c


[root@igloo iglooCA]# openssl ca -revoke newcerts/04.pem 
Using configuration from /var/ssl/openssl.cnf
Enter PEM pass phrase:
Revoking Certificate 04.
Data Base Updated


[root@igloo iglooCA]# cat index.txt
V       000815041905Z           01      unknown /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Certificates Administration/CN=Server Certificate/Email=root@xxxxxxxxxxxxxxxxxxxxxxxx
V       000819070705Z           02      unknown /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Information Software Development/CN=Terrence Miao/Email=t.miao@xxxxxxxxxxxxxxxxxx
V       000822050802Z           03      unknown /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Information Software Development/CN=Stephen Stebbing/Email=s.stebbing@xxxxxxxxxxxxxxxxxx
R       000907053010Z   991115223626Z   04      unknown /C=Au/L=Macquarie/O=igloo CA/OU=Directory Server Administration/CN=igloo.its.unimacq.edu.au
V       000907061017Z           05      unknown /C=Au/ST=Victoria/L=Macquarie/O=igloo CA/OU=Directory Server Administration/CN=igloo.its.unimacq.edu.au


[root@igloo iglooCA]# openssl ca -gencrl -out /tmp/crl.pem
Using configuration from /var/ssl/openssl.cnf
Enter PEM pass phrase:

[root@igloo iglooCA]# openssl crl -text -noout -in /tmp/crl.pem 
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: /C=AU/ST=Victoria/L=Macquarie/O=igloo CA/OU=Certificates Administration/CN=igloo Certificate Authority/Email=root@xxxxxxxxxxxxxxxxxxxxxxxx
        Last Update: Nov 15 22:37:33 1999 GMT
        Next Update: Dec 15 22:37:33 1999 GMT
Revoked Certificates:
    Serial Number: 04
        Revocation Date: Nov 15 22:36:26 1999 GMT
    Signature Algorithm: md5WithRSAEncryption
        1e:f0:c9:49:ed:78:0a:92:f8:3c:b3:53:48:0f:0d:13:7c:8b:
        5c:98:43:6a:7b:66:27:44:8b:82:20:f4:91:e9:2e:b1:fe:9e:
        b9:a1:0d:f8:8a:f9:6f:3c:61:06:25:7d:33:5c:df:23:e0:d4:
        47:99:58:23:43:c9:3b:42:97:ae:1a:df:2b:be:8c:89:60:e9:
        e4:d9:be:22:ea:6b:93:73:b3:b6:f6:d0:9e:62:72:09:ba:f2:
        63:e9:e9:77:ca:69:6a:23:ed:d1:ae:4f:c4:6e:c7:92:ca:fd:
        d3:4f:2e:25:2d:fa:21:7c:48:ad:5d:a6:c1:5b:c8:39:b6:3e:
        18:3b
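
A check for the step this tip is about, as an added example that is not part of the original post: it compares the "R" rows of index.txt with the serials in a saved `openssl crl -text -noout` dump and reports any revocation the CRL does not carry yet. The function names, file names and sample rows are assumptions made for the illustration; the real index.txt is tab-separated.

```shell
#!/bin/sh
# Added example (not from the original post): find serials that are marked
# revoked in the CA database but absent from the CRL that was generated.

# Serials of revoked ("R") rows in an `openssl ca` index.txt. The real file is
# tab-separated: status, expiry, revocation date, serial, filename, subject DN.
revoked_in_index() {
    awk -F'\t' '$1 == "R" { print toupper($4) }' "$1" | sort -u
}

# Serials listed in saved `openssl crl -text -noout` output.
revoked_in_crl() {
    awk '/^ *Serial Number:/ { print toupper($3) }' "$1" | sort -u
}

# Serials revoked in index.txt that the CRL does not list yet.
missing_from_crl() {
    revoked_in_index "$1" | while read -r serial; do
        revoked_in_crl "$2" | grep -qxF "$serial" || echo "$serial"
    done
}

# Constructed sample data: serial 04 mirrors the session above; serial 05 is a
# made-up later revocation that was never followed by `openssl ca -gencrl`.
make_sample() {
    printf 'V\t000815041905Z\t\t01\tunknown\t/CN=constructed-a\n' > "$1/index.txt"
    printf 'R\t000907053010Z\t991115223626Z\t04\tunknown\t/CN=constructed-b\n' >> "$1/index.txt"
    printf 'R\t000907061017Z\t991201000000Z\t05\tunknown\t/CN=constructed-c\n' >> "$1/index.txt"
    printf 'Revoked Certificates:\n    Serial Number: 04\n' > "$1/crl.txt"
    printf '        Revocation Date: Nov 15 22:36:26 1999 GMT\n' >> "$1/crl.txt"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
echo "revoked but not in CRL: $(missing_from_crl "$sample_dir/index.txt" "$sample_dir/crl.txt")"
rm -rf "$sample_dir"
```

Any serial it prints means the CRL predates that revocation, so `openssl ca -gencrl` has to be run again before relying parties will see the certificate as revoked.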

