Document how to generate CRLs.

author: Simon Josefsson <simon@josefsson.org> 2008-04-13 12:13:11 +0200
committer: Simon Josefsson <simon@josefsson.org> 2008-04-13 12:13:11 +0200
commit: 3acf331ee7f3dc310a18b2b9b476a0d851e2bb32 (patch)
tree: 35e7192ac2b042f3a0d40d363c7f1db68edffc62 /doc
parent: 1eb501d0a85a742778e507ebfbb8f05a984559eb (diff)
download: gnutls-3acf331ee7f3dc310a18b2b9b476a0d851e2bb32.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 527c23ddd3..612e126c55 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -3056,6 +3056,27 @@ $ certtool --generate-proxy --load-ca-privkey key.pem \
   --outfile proxy-cert.pem
 @end example
 
+@item
+To create an empty Certificate Revocation List (CRL) do:
+
+@example
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem
+@end example
+
+To create a CRL that contains some revoked certificates, place the
+certificates in a file and use @code{--load-certificate} as follows:
+
+@example
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem
+@end example
+
+@item
+To verify a Certificate Revocation List (CRL) do:
+
+@example
+$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
+@end example
+
 @end itemize
 
 Certtool's template file format:
author	Simon Josefsson <simon@josefsson.org>	2008-04-13 12:13:11 +0200
committer	Simon Josefsson <simon@josefsson.org>	2008-04-13 12:13:11 +0200
commit	3acf331ee7f3dc310a18b2b9b476a0d851e2bb32 (patch)
tree	35e7192ac2b042f3a0d40d363c7f1db68edffc62 /doc
parent	1eb501d0a85a742778e507ebfbb8f05a984559eb (diff)
download	gnutls-3acf331ee7f3dc310a18b2b9b476a0d851e2bb32.tar.gz