-rw-r--r-- NEWS 3
-rw-r--r-- THANKS 1
-rw-r--r-- doc/gnutls.texi 21
3 files changed, 25 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index fccdbf94f8..f8618e475c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
* Version 2.3.5 (unreleased)
+** Document how to generate CRLs.
+Suggested by "Rainer Gerhards" <rgerhards@gmail.com>.
+
** Documented the --priority option to gnutls-cli and gnutls-serv.
** Several minor fixes in the OpenPGP interface. Thanks to Daniel Kahn
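Review bot: The added NEWS line "** Document how to generate CRLs." covers only half of the change and breaks tense with its neighbour. The doc/gnutls.texi hunk in this same commit also adds a --verify-crl example, and the entry directly below reads "Documented the --priority option". Suggest "** Documented how to generate and verify CRLs." so the entry matches both the content and the surrounding style.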
diff --git a/THANKS b/THANKS
index bb302145e9..520d7a2ddb 100644
--- a/THANKS
+++ b/THANKS
@@ -75,6 +75,7 @@ Dennis Vshivkov <walrus@amur.ru>
Kristofer T. Karas <ktk@enterprise.bidmc.harvard.edu>
Marc Haber <mh+debian-bugs@zugschlus.de>
Tim Mooney <tim@tim-the-enchanter.org>
+Rainer Gerhards <rgerhards@gmail.com>
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 527c23ddd3..612e126c55 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -3056,6 +3056,27 @@ $ certtool --generate-proxy --load-ca-privkey key.pem \
--outfile proxy-cert.pem
@end example
+@item
+To create an empty Certificate Revocation List (CRL) do:
+
+@example
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem
+@end example
+
+To create a CRL that contains some revoked certificates, place the
+certificates in a file and use @code{--load-certificate} as follows:
+
+@example
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem
+@end example
+
+@item
+To verify a Certificate Revocation List (CRL) do:
+
+@example
+$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
+@end example
+
@end itemize
Certtool's template file format:
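Review bot: Both --generate-crl examples in the added @example blocks omit --outfile, yet the --verify-crl example reads crl.pem from stdin, so a reader running the commands in order never produces the file the last one consumes. Suggest adding --outfile crl.pem to the two generate commands, the way the --generate-proxy example in the context above ends with "--outfile proxy-cert.pem". The two generate commands are also single long lines, while the preceding example wraps with a trailing backslash; wrapping them the same way keeps the examples consistent and readable in printed output. The sentence "place the certificates in a file" would also benefit from stating the expected format of revoked-certs.pem (presumably concatenated PEM certificates), since an operator who gets this wrong ends up publishing a CRL that does not list the certificates they meant to revoke.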