Next: , Previous: Issuing certificates, Up: Top


3.3 Issuing CRLs

Create an empty CRL with no certificates revoked. Default expiration value is one year from now.

     hxtool crl-sign \
     	--crl-file=crl.der \
     	--signer=FILE:ca.pem

Create a CRL with all certificates in the directory /path/to/revoked/dir included in the CRL as revoked. Also make it expire one month from now.

     hxtool crl-sign \
     	--crl-file=crl.der \
             --signer=FILE:ca.pem \
     	--lifetime='1 month' \
             DIR:/path/to/revoked/dir