Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 25. revoker (Sending Revocation Requests)

The revoker utility sends revocation requests to the CA agent interface to revoke certificates. To access the interface, revoker needs to have access to an agent certificate that is part of the subsystem group that is acceptable to the CA.
The revoker tool can do all of the following:
  • Specify which certificate or a list of certificates to revoke by listing the hexadecimal serial numbers.
  • Specify a revocation reason.
  • Specify an invalidity date.
  • Unrevoke a certificate that is currently on hold.

25.1. Syntax

The revoker utility has the following syntax:

revoker -s serialNumber -n rsa_nickname [[ -p password ] | [ -w passwordFile ]] [ -d dbdir ] [ -v ] [ -V ] [ -u ] [ -r reasoncode ] [ -i numberOfHours ] hostname [ :port ]

Option Description
s Gives the serial numbers in hexadecimal of the certificates to revoke. A hexadecimal serial number, for example, is like 0x31, or multiple serial numbers can be listed separated by commas, such as 0x44,0x64,0x22.
n Gives the agent certificate nickname.
p Gives the certificate database password. Not used if the -w option is used.
w Optional. Gives the path to the password file. Not used if the -p option is used.
d Optional. Gives the path to the security databases.
v Optional. Sets the operation in verbose mode.
V Optional. Gives the version of the revoker tool.
u Optional. Unrevokes a certificate, meaning that certificate status is changed from on hold to active.
r Gives the reason to revoke the certificate. The following are the possible reasons:
  • 0 - Unspecified (default).
  • 1 - The key was compromised.
  • 2 - The CA key was compromised.
  • 3 - The affiliation of the user has changed.
  • 4 - The certificate has been superseded.
  • 5 - Cessation of operation.
  • 6 - The certificate is on hold.
i Sets the invalidity date in hours from current time for when to revoke the certificate.
hostname Gives the hostname of the server to which to send the request. Depending on how DNS and the network are configured, this can be a machine name, fully-qualified domain name, or IPv4 or IPv6 address.
port Optional. Gives the agent's SSL port number of the server.
Red Hat logoGithubRedditYoutube

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.