Friday, September 9, 2016

CRL certificate revocation checks

Here's a quick tutorial on how to manually look up and query a CRL for a certificate's revocation status.

http://www.entrust.net/customer/crl_form.cfm

If you used Entrust to sign a certificate and you need to revoke it, you can retrieve the certificate serial number and the CA details from the certificate, and use the above link to query the certificate status.

Here's a certificate installed on an F5 LTM (take note of the hex serial number and the CA issuer).



Next, we pop the serial number into the query input (after selecting l1k), and if it's revoked, you will get the status, which includes the date/time of revocation.







The openssl utility is also a good way to gather the certificate serial number, e.g.

openssl x509 -in <certificatename.crt> -noout -serial
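The same lookup can be done offline against a downloaded CRL. The following is an added example, not part of the original post: it reads the text dump of a CRL and reports whether a serial is listed and when it was revoked. The function names, the file names in the comments and the sample CRL text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: look a certificate serial number up in the text form of a CRL.
# Real use (file names are placeholders):
#   serial=$(openssl x509 -in certificatename.crt -noout -serial)
#   openssl crl -inform DER -in downloaded.crl -noout -text | crl_status "$serial"

# Normalize a serial: drop "serial=", colons, spaces, leading zeros; uppercase.
norm_serial() {
    printf '%s\n' "$1" |
        sed -e 's/^[Ss]erial=//' -e 's/[: ]//g' -e 's/^0*//' | tr 'a-f' 'A-F'
}

# Reads `openssl crl -noout -text` output on stdin.
# Prints "REVOKED <date>" (exit 0) or "NOT LISTED" (exit 1); exit 2 on bad input.
crl_status() {
    want=$(norm_serial "$1")
    [ -n "$want" ] || { echo "empty serial" >&2; return 2; }
    awk -v want="$want" '
        /Serial Number:/ {
            s = $0; sub(/.*Serial Number:[ \t]*/, "", s)
            gsub(/[: \t]/, "", s); sub(/^0*/, "", s)
            cur = toupper(s)
        }
        /Revocation Date:/ && cur == want {
            d = $0; sub(/.*Revocation Date:[ \t]*/, "", d)
            print "REVOKED " d; found = 1; exit
        }
        END { if (!found) { print "NOT LISTED"; exit 1 } }
    '
}

# Constructed sample of `openssl crl -noout -text` output (not a real CRL).
sample_crl_text() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Example Issuing CA (constructed)
        Last Update: Sep 12 12:00:00 2016 GMT
        Next Update: Sep 19 12:00:00 2016 GMT
Revoked Certificates:
    Serial Number: 0A1B2C3D
        Revocation Date: Sep 10 10:15:00 2016 GMT
    Serial Number: 5E6F7A8B
        Revocation Date: Aug 30 08:00:00 2016 GMT
EOF
}

# Serial as a GUI might show it (colons, lower case) still matches.
sample_crl_text | crl_status "serial=0a:1b:2c:3d"
```

A CRL only lists certificates revoked by the CA that published it, so confirm the CRL's Issuer line matches the CA issuer noted from the certificate before trusting a "NOT LISTED" result.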




Ken

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
