EnglishFrenchSpanish

OnWorks favicon

pki---signcrl - Online in the Cloud

Run pki---signcrl in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command pki---signcrl that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


pki --signcrl - Issue a Certificate Revocation List (CRL) using a CA certificate and key

SYNOPSIS


pki --signcrl --cakey file|--cakeyid hex --cacert file [--lifetime days] [--this-
update datetime] [--next-update datetime] [--lastcrl crl] [--basecrl crl]
[--crluri uri] [--digest digest]
[[--reason reason] [--date ts] --cert file|--serial hex]
[--outform encoding] [--debug level]

pki --signcrl --options file

pki --signcrl -h | --help

DESCRIPTION


This sub-command of pki(1) is used to issue a Certificate Revocation List (CRL) using a CA
certificate and private key.

OPTIONS


-h, --help
Print usage information with a summary of the available options.

-v, --debug level
Set debug level, default: 1.

-+, --options file
Read command line options from file.

-k, --cakey file
CA private key file. Either this or --cakeyid is required.

-x, --cakeyid hex
Key ID of a CA private key on a smartcard. Either this or --cakey is required.

-c, --cacert file
CA certificate file. Required.

-l, --lifetime days
Days until the CRL gets a nextUpdate, default: 15. Ignored if both an absolute
start and end time are given.

-F, --this-update datetime
Absolute time when the validity of the CRL begins. The datetime format is defined
by the --dateform option.

-T, --next-update datetime
Absolute time when the validity of the CRL end. The datetime format is defined by
the --dateform option.

-D, --dateform form
strptime(3) format for the --this-update and --next-update options, default:
%d.%m.%y %T

-a, --lastcrl crl
CRL of lastUpdate to copy revocations from.

-b, --basecrl crl
Base CRL to create a delta CRL for.

-u, --crluri uri
Freshest delta CRL URI to include in CRL. Can be used multiple times.

-g, --digest digest
Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or
sha512. The default is determined based on the type and size of the signature key.

-f, --outform encoding
Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64
PEM), defaults to der.

Revoked Certificates
Multiple revoked certificates can be added to the CRL by either providing the certificate
file or the respective serial number directly. A reason and a timestamp can be configured
for each revocation (they have to be given before each certificate/serial on the command
line).

-r, --reason reason
The reason why the certificate was revoked. One of key-compromise, ca-compromise,
affiliation-changed, superseded, cessation-of-operation, or certificate-hold.

-d, --date ts
Revocation date as Unix timestamp. Defaults to the current time.

-z, --cert file
Certificate file to revoke.

-s, --serial hex
Hexadecimal encoded serial number of the certificate to revoke.

EXAMPLES


Revoke a certificate:

pki --signcrl --cacert ca_cert.der --cakey ca_key.der \
--reason superseded --cert cert.der > crl.der

Update an existing CRL with two new revocations, using the certificate's serial number,
but no reason:

pki --signcrl --cacert ca_cert.der --cakey ca_key.der \
--lastcrl old_crl.der --serial 0123 --serial 0345 > crl.der

Use pki---signcrl online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    archlabs_repo
    archlabs_repo
    Package repo for ArchLabs This is an
    application that can also be fetched
    from
    https://sourceforge.net/projects/archlabs-repo/.
    It has been hosted in OnWorks in...
    Download archlabs_repo
  • 2
    Zephyr Project
    Zephyr Project
    The Zephyr Project is a new generation
    real-time operating system (RTOS) that
    supports multiple hardware
    architectures. It is based on a
    small-footprint kernel...
    Download Zephyr Project
  • 3
    SCons
    SCons
    SCons is a software construction tool
    that is a superior alternative to the
    classic "Make" build tool that
    we all know and love. SCons is
    implemented a...
    Download SCons
  • 4
    PSeInt
    PSeInt
    PSeInt is a pseudo-code interpreter for
    spanish-speaking programming students.
    Its main purpose is to be a tool for
    learning and understanding the basic
    concep...
    Download PSeInt
  • 5
    oStorybook
    oStorybook
    oStorybook l'outil privil�gi� des
    �crivains. ATTENTION : voir sur
    http://ostorybook.tuxfamily.org/v5/
    --en_EN oStorybook the right tool for
    writers. WARNIN...
    Download oStorybook
  • 6
    Asuswrt-Merlin
    Asuswrt-Merlin
    Asuswrt-Merlin is a third party
    firmware for select Asus wireless
    routers. Based on the Asuswrt firmware
    developed by Asus, it brings tweaks, new
    features and ...
    Download Asuswrt-Merlin
  • More »

Linux commands

  • 1
    aafigure
    aafigure
    aafigure - convert ASCII art to an
    image ...
    Run aafigure
  • 2
    aafire
    aafire
    aafire, aainfo, aasavefont, aatest -
    aalib example programs ...
    Run aafire
  • 3
    coqtop.opt
    coqtop.opt
    coqtop.opt - The native-code Coq
    toplevel ...
    Run coqtop.opt
  • 4
    coqwc
    coqwc
    coqwc - print the number of
    specification, proof and comment lines
    in Coq files ...
    Run coqwc
  • 5
    g15composer
    g15composer
    g15composer - Scriptable command
    interface to libg15render(3) drawing
    functions DESCRIPTION: G15composer is a
    scriptable command interface to the
    libg15render ...
    Run g15composer
  • 6
    g15daemon
    g15daemon
    g15daemon - provides access to extra
    keys and the LCD available on the
    logitech G15 keyboard. DESCRIPTION:
    G15Daemon allows users access to all
    extra keys by d...
    Run g15daemon
  • More »

Ad