Friday, September 9, 2016

CRL certificate revocation checks

Here's a quick tutorial on how manually look &  query a CRL list for a certificate revocation status.

If you used Entrust  to sign a  certificate and you need to revoke it. You  can retrieve the  certificate serial# and the CA details from the certificate , and use the above link to query the certificate status.

Here's a certificate installed on a F5-LTM,  ( take note of the hex serialnumber  and the CA issuer  )

Next, we pop the serial# in the query input  ( after  selecting l1k ) and if it's revoked, you will get the status which includes the date/time of revocation

the openssl  utility is a good means also for gathering the certificate serial#,


openssl x509 -in < certificatename.crt> -noout -serial


NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \

No comments:

Post a Comment