I'm using self-signed certificates for testing, how can I generate certificate revocation list to test cert verification? Has keytool in JDK provided such functionalities?
Thanks!
Asked
Active
Viewed 1.1k times
1 Answers
3
OpenSSL http://www.openssl.org/
The CA (included) is excellent for testing simple PKIs. Perhaps a little bit daunting at first, but there is plenty of info around.
For CRLs, the out of the box setup should do the trick for you: https://www.openssl.org/docs/manmaster/man1/ca.html#CRL-OPTIONS
All the best.
JuanMoreno
- 2,498
- 1
- 25
- 34
Alastair
- 46
- 1
-
Thanks, I read the documentation from above. CRL could be created by the following commands. openssl ca -revoke test.pem -config my.cnf openssl ca -gencrl -out test.crl -config my.cnf – Felix Apr 25 '11 at 05:07