Creating your own certificate revocation list – Nortel Networks NN46120-104 User Manual
Page 119
Creating Your Own Certificate Revocation List
119
Creating Your Own Certificate Revocation List
You can easily build and manage certificate revocation lists for client
certificates issued within your own organization. The CRL can then be
added by using TFTP/FTP/SCP/SFTP. For more information about how to
accomplish this, see
“Revoking Client Certificates Issued within your Own
Step
Action
1
Open a text editor and create a new file.
2
Decide if you want to add serial numbers in decimal form, or
in hexadecimal form.
If you choose to add serial numbers for client certificates to
revoke in decimal form, add a paragraph in the text document
that reads:
ASCII revocation
Or, if you choose to add serial numbers in hexadecimal form,
add a paragraph in the text document that reads:
HEX ASCII revocation
Note: You can add comments to a CRL ASCII file by
preceding your comments with the # character. Each new line
of comments must begin with the # character. Comments can
be used for providing information about the date of issue or
last update, for example. You can cancel the revocation of a
client certificate by inserting the # character at the beginning
of the line containing the desired serial number.
3
Add the serial numbers of the client certificates you want
to revoke.
For a CRL in decimal format, simply list the serial numbers the
ASCII revocation paragraph. For example:
# CRL for CA certificate 1
# Issued first: 2005-01-01
# Last update: 2005-02-01
ASCII revocation
500
501
590
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks
.