Here's a quick tutorial on how manually look & query a CRL list for a certificate revocation status.
http://www.entrust.net/customer/crl_form.cfm
If you used Entrust to sign a certificate and you need to revoke it. You can retrieve the certificate serial# and the CA details from the certificate , and use the above link to query the certificate status.
Here's a certificate installed on a F5-LTM, ( take note of the hex serialnumber and the CA issuer )
Next, we pop the serial# in the query input ( after selecting l1k ) and if it's revoked, you will get the status which includes the date/time of revocation
the openssl utility is a good means also for gathering the certificate serial#,
eg
openssl x509 -in < certificatename.crt> -noout -serial
Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment