Problems revoking a cert
Michael Leone
turgon at mike-leone.com
Mon Feb 24 17:36:26 UTC 2020
On Mon, Feb 24, 2020 at 12:09 PM Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf Of Michael Leone
> > Sent: Monday, February 24, 2020 09:37
>
> > SO I was an idiot, and signed a certificate, but specified an invalid
> location. i.e.,
> > I used a "/" instead of a "/" in the location.
>
> I assume that was supposed to be 'a "\" instead of a "/"', based on what
> you have below.
>
Yes, I had it backwards. And I was able to find the file, and properly
revoke it, after sending my initial email. I just haven't had time to go
back and tell the list.
>
> > $ sudo openssl ca -in requests/<client>.req -out
> certs\<client>-2020-02-24.<FQDN>
> >
> > And so I can't find that cert file anywhere (obviously).
>
> That's not obvious at all.
I meant - obviously it's not in the subdirectory I thought it would be in
...
> Does your CA configuration not have a new_certs_dir? Normally it will
> create a copy of the certificate there, under the serial number.
>
> > I know the serial number of the wrongly issued cert, I had hoped I could
> revoke
> > using just the serial number. But searches tell me I can't do it that
> way.
>
> Well, you *can*, by editing the CA's index.txt file directly. You can
> create and revoke a test certificate to see what the altered line should
> look like. (It will start with "R" instead of "V", and have a revocation
> date. Fields are separated by tabs.)
>
Interesting. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200224/0138b9f4/attachment.html>
More information about the openssl-users
mailing list