System information
NOTE
Surround values that include spaces in quotation marks.
2. Testing CMC Revocation
Test that CMC revocation is working properly by doing the following:
1. Create a CMC revocation request for an existing certificate. For example, if the directory
containing the agent certificate is /var/lib/rhpki-ca/alias/, the nickname of the
certificate is CertificateManagerAgentCert, and the serial number of the certificate is 22,
the command is as follows:
CMCRevoke -d "/var/lib/rhpki-ca/alias" -n "CertificateManagerAgentCert" -i
"cn=agentAuthMgr" -s 22 -m 0 -c "test comment"
2. Open the CA's end-entities page.
3. Select the Revocation tab.
4. Select the CMC Revoke link in the menu.
5. Paste the output from the CMCRevoke operation into the text box. Remove the -----BEGIN
NEW CERTIFICATE REQUEST----- and ----END NEW CERTIFICATE REQUEST----- lines
from the pasted content.
6. Click Submit.
7. The results page displays that certificate 22 has been revoked.
Chapter 15. CMC Revocation
62