8.1.8 Certificate revocation list generation
To create an empty Certificate Revocation List (CRL) do:
    $ certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
        --load-ca-certificate x509-ca.pem

To create a CRL that contains some revoked certificates, place the
certificates in a file and use --load-certificate as follows:
    $ certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
        --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem

To verify a Certificate Revocation List (CRL) do:
    $ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
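
The three commands above can be exercised end to end against a throwaway CA. The script below is an added example, not part of the original manual text: it defines a function crl_demo, and the template contents, the leaf serial (4660, hex 1234) and the file leaf-key.pem are constructed for the demo. It supplies a template so that certtool runs without prompting, and it checks that the revoked serial really appears in the generated CRL.

```shell
#!/bin/sh
# Added example: throwaway CA, one revoked certificate, CRL generated and checked.
# Template contents, the revoked-leaf serial and leaf-key.pem are constructed here.
crl_demo() {
    command -v certtool >/dev/null 2>&1 || { echo "certtool not installed" >&2; return 2; }
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # CA template: crl_signing_key sets the cRLSign key usage on the issuer.
        printf '%s\n' 'cn = "Demo CA (constructed)"' ca cert_signing_key \
            crl_signing_key 'expiration_days = 30' 'serial = 1' > ca.tmpl
        # Leaf that will be revoked; serial 4660 is 0x1234.
        printf '%s\n' 'cn = "revoked.example.test"' tls_www_server \
            'expiration_days = 30' 'serial = 4660' > leaf.tmpl
        # CRL template: supplies the values certtool would otherwise prompt for.
        printf '%s\n' 'crl_next_update = 7' 'crl_number = 1' > crl.tmpl

        certtool --generate-privkey --outfile x509-ca-key.pem &&
        certtool --generate-self-signed --load-privkey x509-ca-key.pem \
            --template ca.tmpl --outfile x509-ca.pem &&
        certtool --generate-privkey --outfile leaf-key.pem &&
        certtool --generate-certificate --load-privkey leaf-key.pem \
            --load-ca-certificate x509-ca.pem --load-ca-privkey x509-ca-key.pem \
            --template leaf.tmpl --outfile revoked-certs.pem &&
        # Same command as in the text, plus a template and an output file.
        certtool --generate-crl --load-ca-privkey x509-ca-key.pem \
            --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem \
            --template crl.tmpl --outfile crl.pem &&
        # Signature check against the issuing CA; non-zero exit on failure.
        certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem &&
        # Confirm the revoked serial is actually listed in the CRL.
        certtool --crl-info --infile crl.pem | grep -i 'serial number' | grep -q '1234'
    ) </dev/null
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Source the file and call crl_demo; it returns 0 only when the CRL verifies against the CA and lists the revoked serial, and 2 when certtool is not installed.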