ssl-admin: revoking a certificate

A server was decommissioned lately. It was running on a VM. Given that I do not have physical control over the HDD, I will be revoking the certificate for that server. This certificate was used for VPN access. That’s something I don’t want to be used by anyone else.

Here is how I revoked it. I do not know why I had to enter 5 twice.

$ sudo ssl-admin
'This program will walk you through requesting, signing,
organizing and revoking SSL certificates.

ssl-admin installed Wed Jan 2 20:46:56 UTC 2013


=====================================================
#                  SSL-ADMIN                        #
=====================================================
Please enter the menu option from the following list:
1) Update run-time options:
     Key Duration (days): 3650
     Current Serial #: 0F
     Key Size (bits): 4096
     Intermediate CA Signing: NO
2) Create new Certificate Request
3) Sign a Certificate Request
4) Perform a one-step request/sign
5) Revoke a Certificate
6) Renew/Re-sign a past Certificate Request
7) View current Certificate Revokation List
8) View index information for certificate.
z) Zip files for end user.
dh) Generate Diffie Hellman parameters.
CA) Create new Self-Signed CA certificate.
S) Create new Signed Server certificate.
q) Quit ssl-admin

Menu Item: 5


=====================================================
#                  SSL-ADMIN                        #
=====================================================
Please enter the menu option from the following list:
1) Update run-time options:
     Key Duration (days): 3650
     Current Serial #: 0F
     Key Size (bits): 4096
     Intermediate CA Signing: NO
2) Create new Certificate Request
3) Sign a Certificate Request
4) Perform a one-step request/sign
5) Revoke a Certificate
6) Renew/Re-sign a past Certificate Request
7) View current Certificate Revokation List
8) View index information for certificate.
z) Zip files for end user.
dh) Generate Diffie Hellman parameters.
CA) Create new Self-Signed CA certificate.
S) Create new Signed Server certificate.
q) Quit ssl-admin

Menu Item: 5
Please enter certificate owner's name or ID.
Usual format is first initial-last name (jdoe) or
hostname of server which will use this certificate.
All lower case, numbers OK.
Owner []: latens.example.org


File names will use latens.unixathome.org.
=========> Revoking Certificate for latens.example.org
We're going to REVOKE an SSL certificate.  Are you sure? (y/n): y

 $revoke = 2
Using configuration from /usr/local/etc/ssl-admin/openssl.conf
Enter pass phrase for /usr/local/etc/ssl-admin/active/ca.key:
Revoking Certificate 02.
Data Base Updated
=========> Generating new Certificate Revokation List /usr/local/etc/ssl-admin/prog/crl.pem
Using configuration from /usr/local/etc/ssl-admin/openssl.conf
Enter pass phrase for /usr/local/etc/ssl-admin/active/ca.key:
=========> Verifying Revokation: SUCCESS!
=========> Moving latens.example.org's files to /usr/local/etc/ssl-admin/revoked
=========> Destroying previous packages built for latens.example.org: DONE
=========> CSR for all users is in /usr/local/etc/ssl-admin/csr
===============> Changing file name for latens.example.org's request to *.revoked

=====================================================
#                  SSL-ADMIN                        #
=====================================================
Please enter the menu option from the following list:
1) Update run-time options:
     Key Duration (days): 3650
     Current Serial #: 0F
     Key Size (bits): 4096
     Intermediate CA Signing: NO
2) Create new Certificate Request
3) Sign a Certificate Request
4) Perform a one-step request/sign
5) Revoke a Certificate
6) Renew/Re-sign a past Certificate Request
7) View current Certificate Revokation List
8) View index information for certificate.
z) Zip files for end user.
dh) Generate Diffie Hellman parameters.
CA) Create new Self-Signed CA certificate.
S) Create new Signed Server certificate.
q) Quit ssl-admin

Menu Item: q
$
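
An added check, not part of the original session or of ssl-admin itself: after a revocation, the OpenSSL CA database (the file named by the `database` setting in openssl.conf) can be audited to confirm that no certificate for the decommissioned host is still marked valid, for example one that was re-signed under a different serial. The sample entries, the gw.example.org host and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenSSL CA database (index.txt format) for one host.
# Tab-separated fields: status, expiry, revocation date, serial, file, subject.
# Status is V (valid), R (revoked) or E (expired).

# sample_index: constructed entries, not taken from the CA in the post.
sample_index() {
    printf 'R\t221231204656Z\t200615101500Z\t02\tunknown\t/C=US/O=Example/CN=latens.example.org\n'
    printf 'R\t221231204656Z\t210101090000Z\t05\tunknown\t/C=US/O=Example/CN=gw.example.org\n'
    printf 'V\t330101090000Z\t\t0E\tunknown\t/C=US/O=Example/CN=gw.example.org\n'
}

# cert_status INDEX CN: prints "serial status" for each entry whose CN matches.
# Returns 0 if every match is revoked or expired, 1 if any is still valid,
# 2 if the CN has no entry at all.
cert_status() {
    awk -F '\t' -v cn="$2" '
        {
            # Pull the CN component out of the subject DN (field 6).
            n = split($6, parts, "/"); found = ""
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^CN=/) found = substr(parts[i], 4)
            if (found != cn) next
            seen = 1
            print $4, $1
            if ($1 == "V") valid = 1
        }
        END {
            if (!seen) exit 2
            exit (valid ? 1 : 0)
        }' "$1"
}

# Demo run over the constructed data.
idx=$(mktemp) && sample_index > "$idx"
for host in latens.example.org gw.example.org; do
    if cert_status "$idx" "$host"; then
        echo "=> $host: no valid certificate remains"
    else
        echo "=> $host: a certificate is still valid (or host unknown)"
    fi
done
rm -f "$idx"
```

Against a real CA, pass the path of its database file instead of the constructed sample; a non-zero return for a decommissioned host means another revocation is still needed.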