diff options
author | Simon Josefsson <simon@josefsson.org> | 2008-04-13 12:13:11 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-04-13 12:13:11 +0200 |
commit | 3acf331ee7f3dc310a18b2b9b476a0d851e2bb32 (patch) | |
tree | 35e7192ac2b042f3a0d40d363c7f1db68edffc62 /doc | |
parent | 1eb501d0a85a742778e507ebfbb8f05a984559eb (diff) | |
download | gnutls-3acf331ee7f3dc310a18b2b9b476a0d851e2bb32.tar.gz |
Document how to generate CRLs.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gnutls.texi | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/gnutls.texi b/doc/gnutls.texi index 527c23ddd3..612e126c55 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -3056,6 +3056,27 @@ $ certtool --generate-proxy --load-ca-privkey key.pem \ --outfile proxy-cert.pem @end example +@item +To create an empty Certificate Revocation List (CRL) do: + +@example +$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem +@end example + +To create a CRL that contains some revoked certificates, place the +certificates in a file and use @code{--load-certificate} as follows: + +@example +$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem +@end example + +@item +To verify a Certificate Revocation List (CRL) do: + +@example +$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem +@end example + @end itemize Certtool's template file format: |