From 94affdf316a24441abdf08aa81f8224a7a5fea84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 3 Jun 2007 21:54:06 +0000
Subject: [PATCH] One more crl-sign example.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20873 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 doc/hx509.texi | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/doc/hx509.texi b/doc/hx509.texi
index 834a8254f..76846e31b 100644
--- a/doc/hx509.texi
+++ b/doc/hx509.texi
@@ -465,9 +465,20 @@ Windows, so you have to deal with this somehow.
 @node Issuing CRLs, Application requirements, Issuing certificates, Top
 @section Issuing CRLs
 
+Create an empty CRL with not certificates revoked. Default expiration
+value is one year from now.
+
 @example
 hxtool crl-sign --crl-file=crl.der --signer=FILE:ca.pem
-cp crl.der /path/to/published/uri
+@end example
+
+Create a CRL with all certificates in the directory
+@file{/path/to/revoked/dir} included in the CRL as revoked.  Also make
+it expire one month from now.
+
+@example
+hxtool crl-sign --crl-file=crl.der --signer=FILE:ca.pem \
+--lifetime='1 month' DIR:/path/to/revoked/dir
 @end example
 
 @node Application requirements, CMS signing and encryption, Issuing CRLs, Top