From 33e3354b9405c14fc9375de30a8bdb3e68a81da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sun, 3 Jun 2007 07:30:52 +0000 Subject: [PATCH] Simple blob about publishing CRLs. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20836 ec53bebd-3082-4978-b11e-865c3cabbd6b --- doc/hx509.texi | 39 +++++++++++---------------------------- 1 file changed, 11 insertions(+), 28 deletions(-) diff --git a/doc/hx509.texi b/doc/hx509.texi index 45dc2b9b7..834a8254f 100644 --- a/doc/hx509.texi +++ b/doc/hx509.texi @@ -171,32 +171,6 @@ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@copynext - -Copyright (c) 2005 Doug Rabson -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - @copyrightend @end titlepage @@ -238,6 +212,7 @@ Setting up a CA @c * Issuing certificates:: * Creating a CA certificate:: * Issuing certificates:: +* Issuing CRLs:: @c * Issuing a proxy certificate:: @c * Creating a user certificate:: @c * Validating a certificate:: @@ -450,7 +425,7 @@ hxtool issue-certificate \ @end example -@node Issuing certificates, Application requirements, Creating a CA certificate, Top +@node Issuing certificates, Issuing CRLs, Creating a CA certificate, Top @section Issuing certificates First you'll create a CA certificate, after that you have to deal with @@ -487,7 +462,15 @@ The main reason you as a CA administrator have to deal with CRLs however will be that some software require there to be CRLs. Example of this is Windows, so you have to deal with this somehow. -@node Application requirements, CMS signing and encryption, Issuing certificates, Top +@node Issuing CRLs, Application requirements, Issuing certificates, Top +@section Issuing CRLs + +@example +hxtool crl-sign --crl-file=crl.der --signer=FILE:ca.pem +cp crl.der /path/to/published/uri +@end example + +@node Application requirements, CMS signing and encryption, Issuing CRLs, Top @section Application requirements Application have different requirements on certificates. This section