HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Chapter 3 Using the Certificate Tool

Create a Certificate Revocation List

  Table of Contents


After you have revoked all known compromised certificates, you should create a Certificate Revocation List (CRL). You can create a CRL using the HP SSL Certificate Tool.

To create a CRL, perform the following steps:

  1. From the Main Menu, select Option 8 - Create a Certificate Revocation List.

  2. Enter the filenames of the Certificate Authority (CA) certificate and key.

  3. Enter the filename of the Certificate Revocation List. This is the file into which the CRL will be written.

  4. Enter the number of days until the next CRL will be issued. Certificate Authorities typically issue CRLs on a periodic basis to maintain the current status of the certificates that it has signed.

  5. Enter the PEM passphrase of the CA's key.

The Certificate Tool then creates the CRL in the specified file.