A server was decommissioned lately. It was running on a VM. Given that I do not have physical control over the HDD, I will be revoking the certificate for that server. This certificate was used for VPN access. That’s something I don’t want to be used by anyone else.
Here is how I revoked it. I do not know why I had to enter 5 twice.
    $ sudo ssl-admin
    This program will walk you through requesting, signing, organizing and revoking SSL certificates.
    ssl-admin installed Wed Jan 2 20:46:56 UTC 2013
    =====================================================
    # SSL-ADMIN #
    =====================================================
    Please enter the menu option from the following list:
    1) Update run-time options:
         Key Duration (days): 3650
         Current Serial #: 0F
         Key Size (bits): 4096
         Intermediate CA Signing: NO
    2) Create new Certificate Request
    3) Sign a Certificate Request
    4) Perform a one-step request/sign
    5) Revoke a Certificate
    6) Renew/Re-sign a past Certificate Request
    7) View current Certificate Revokation List
    8) View index information for certificate.
    z) Zip files for end user.
    dh) Generate Diffie Hellman parameters.
    CA) Create new Self-Signed CA certificate.
    S) Create new Signed Server certificate.
    q) Quit ssl-admin
    Menu Item: 5
    =====================================================
    # SSL-ADMIN #
    =====================================================
    Please enter the menu option from the following list:
    1) Update run-time options:
         Key Duration (days): 3650
         Current Serial #: 0F
         Key Size (bits): 4096
         Intermediate CA Signing: NO
    2) Create new Certificate Request
    3) Sign a Certificate Request
    4) Perform a one-step request/sign
    5) Revoke a Certificate
    6) Renew/Re-sign a past Certificate Request
    7) View current Certificate Revokation List
    8) View index information for certificate.
    z) Zip files for end user.
    dh) Generate Diffie Hellman parameters.
    CA) Create new Self-Signed CA certificate.
    S) Create new Signed Server certificate.
    q) Quit ssl-admin
    Menu Item: 5
    Please enter certificate owner's name or ID.
    Usual format is first initial-last name (jdoe) or
    hostname of server which will use this certificate.
    All lower case, numbers OK.
    Owner []: latens.example.org
    File names will use latens.unixathome.org.
    =========> Revoking Certificate for latens.example.org
    We're going to REVOKE an SSL certificate. Are you sure? (y/n): y
    $revoke = 2
    Using configuration from /usr/local/etc/ssl-admin/openssl.conf
    Enter pass phrase for /usr/local/etc/ssl-admin/active/ca.key:
    Revoking Certificate 02.
    Data Base Updated
    =========> Generating new Certificate Revokation List /usr/local/etc/ssl-admin/prog/crl.pem
    Using configuration from /usr/local/etc/ssl-admin/openssl.conf
    Enter pass phrase for /usr/local/etc/ssl-admin/active/ca.key:
    =========> Verifying Revokation: SUCCESS!
    =========> Moving latens.example.org's files to /usr/local/etc/ssl-admin/revoked
    =========> Destroying previous packages built for latens.example.org: DONE
    =========> CSR for all users is in /usr/local/etc/ssl-admin/csr
    ===============> Changing file name for latens.example.org's request to *.revoked
    =====================================================
    # SSL-ADMIN #
    =====================================================
    Please enter the menu option from the following list:
    1) Update run-time options:
         Key Duration (days): 3650
         Current Serial #: 0F
         Key Size (bits): 4096
         Intermediate CA Signing: NO
    2) Create new Certificate Request
    3) Sign a Certificate Request
    4) Perform a one-step request/sign
    5) Revoke a Certificate
    6) Renew/Re-sign a past Certificate Request
    7) View current Certificate Revokation List
    8) View index information for certificate.
    z) Zip files for end user.
    dh) Generate Diffie Hellman parameters.
    CA) Create new Self-Signed CA certificate.
    S) Create new Signed Server certificate.
    q) Quit ssl-admin
    Menu Item: q
    $
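The "Revoking Certificate 02." and "Data Base Updated" lines are printed by OpenSSL's CA tooling, which tracks every issued certificate in a tab-separated index file. As an added example (not from the original post and not part of ssl-admin), the shell functions below audit such an index: they confirm that a serial is marked revoked and check whether any other certificate for the same name is still valid. The sample entries, the function names and the db1.example.org host are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenSSL CA index (the "Data Base" that openssl ca updates).
# Each line is TAB-separated:
#   status (V=valid, R=revoked, E=expired), expiry, revocation date[,reason],
#   serial (hex), file name, subject DN

# Constructed sample data. On a real CA, read the index file named by the
# "database" setting in the openssl.conf in use.
sample_index() {
  printf 'V\t230102204656Z\t\t01\tunknown\t/C=US/O=Example/CN=vpn.example.org\n'
  printf 'R\t230102210000Z\t130601101500Z\t02\tunknown\t/C=US/O=Example/CN=latens.example.org\n'
  printf 'R\t230102220000Z\t130602090000Z,keyCompromise\t03\tunknown\t/C=US/O=Example/CN=db1.example.org\n'
  printf 'V\t230603090000Z\t\t04\tunknown\t/C=US/O=Example/CN=db1.example.org\n'
}

# cert_status SERIAL < index : prints "R <revocation date>", "V", "E" or "missing".
cert_status() {
  awk -F'\t' -v s="$1" '
    toupper($4) == toupper(s) {
      found = 1
      split($3, rev, ",")            # drop an optional ",reason" suffix
      if ($1 == "R") print "R " rev[1]; else print $1
    }
    END { if (!found) print "missing" }'
}

# valid_serials_for_cn NAME < index : serials still marked V for that exact CN.
# Revoking one certificate does not touch others issued to the same name.
valid_serials_for_cn() {
  awk -F'\t' -v want="CN=$1" '
    $1 == "V" {
      n = split($6, rdn, "/")
      for (i = 1; i <= n; i++) if (rdn[i] == want) print $4
    }'
}

# Report on one serial and on what remains valid for the same host name.
audit() {
  echo "serial $1: $(sample_index | cert_status "$1")"
  left=$(sample_index | valid_serials_for_cn "$2")
  echo "valid certificates remaining for $2: ${left:-none}"
}

audit 02 latens.example.org   # the serial revoked in the transcript
audit 03 db1.example.org      # constructed case: a re-issued cert is still valid
```

A clean index only shows that the CA recorded the revocation; the VPN server must also load the regenerated crl.pem, otherwise it will keep accepting the revoked certificate.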