Manualshelf

System information

ManualsBrandsRed Hat ManualsOtherCERTIFICATE SYSTEM 8 - AGENTS GUIDE
51525354555657585960
Key compromised
CA key compromised
Affiliation changed
Certificate superseded
Cessation of operation
Certificate is on hold
4. Enter any additional comment. The comment is included in the revocation request.
When the revocation request is submitted, it is automatically approved, and the certificate is
revoked. Revocation requests are viewed by listing requests with a status of Completed; see
Section 2, “Listing Certificate Requests” for more information.
CAUTION
Whether a single certificate or a list of certificates is revoked, be extremely
careful that the correct certificate has been selected or that the list contains only
certificates which should be revoked. Once a revocation operation is confirmed,
there is no way to undo it.
5. Managing the Certificate Revocation List
Revoking a certificate notifies other users that the certificate is no longer valid. This notification
is done by publishing a list of the revoked certificates, called the certificate revocation list (CRL),
to an LDAP directory or to a flat file. This list is publicly available and ensures that revoked
certificates are not misused.
5.1. Viewing or Examining CRLs
It may be necessary to view or examine a CRL, such as before manually updating a directory
with the latest CRL. To view or display the CRL, do the following:
1. Go to the CM agent services page.
2. Click Display Certificate Revocation List to display the form for viewing the CRL.
3. Select the CRL to view. If the administrator has created multiple issuing points, these are
listed in the Issuing point drop-down list. Otherwise, only the master CRL is shown.
Chapter 5. CA: Finding and Revoking Certificates
54