-
Notifications
You must be signed in to change notification settings - Fork 139
Revoking Certificate with CMC Shared Token
Endi S. Dewata edited this page Jun 6, 2023
·
4 revisions
This page describes the process to revoke a certificate using CMC shared token.
It assumes that:
-
The CA admin has created an issuance protection certificate.
-
The CA admin has configured CMC shared token authentication.
-
The CA admin has generated a CMC shared token for revoking the certificate.
To create a CMC request prepare a CMCRequest configuration file (e.g. /usr/share/pki/tools/examples/cmc/testuser-cmc-revocation-request.cfg) and store the certificate serial number in the revRequest.serial
property:
$ cp \ /usr/share/pki/tools/examples/cmc/testuser-cmc-revocation-request.cfg \ testuser-cmc-revocation-request.cfg $ sed -i \ -e "s/^\(revRequest.serial\)=.*/\1=<serial number>/" \ testuser-cmc-revocation-request.cfg
Then execute the following command:
$ CMCRequest testuser-cmc-revocation-request.cfg
To submit the CMC request prepare an HttpClient
configuration file (e.g. /usr/share/pki/tools/examples/cmc/testuser-cmc-revocation-submit.cfg), then execute the following command:
$ HttpClient testuser-cmc-revocation-submit.cfg
To process the CMC response:
$ CMCResponse \ -d /root/.dogtag/nssdb \ -i testuser.cmc-revocation-response
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |