Next: , Previous: , Up: Top   [Contents]


3.3 Issuing CRLs

Create an empty CRL with no certificates revoked. Default expiration value is one year from now.

hxtool crl-sign \
	--crl-file=crl.der \
	--signer=FILE:ca.pem

Create a CRL with all certificates in the directory /path/to/revoked/dir included in the CRL as revoked. Also make it expire one month from now.

hxtool crl-sign \
	--crl-file=crl.der \
        --signer=FILE:ca.pem \
	--lifetime='1 month' \
        DIR:/path/to/revoked/dir