3.3. Revoke Certificates

This article is published under the CC-BY-4.0 license; please follow that license when republishing.
Article URL: https://fenying.net/en/book/pki-tutorials/3.3.revoke-certificate/

This chapter describes how to revoke certificates using OpenSSL command-line tools.

Revoking a certificate is easy: you need the intermediate CA certificate that issued it (with the cRLSign key usage), and you run the openssl ca -revoke subcommand.

Reason for Revocation

The reason for revocation (crl_reason) is required, and here are the choices:

  • unspecified
  • keyCompromise
  • CACompromise
  • affiliationChanged
  • superseded
  • cessationOfOperation
  • certificateHold
  • removeFromCRL

(to be continued)…
