Chapter 15. CMC Revocation

Chapter 15. CMC Revocation

15.1. Syntax
15.2. Testing CMC Revocation

The CMC Revocation utility, CMCRevoke, signs a revocation request with an agent's certificate.

15.1. Syntax

This utility has the following syntax:

CMCRevoke -d directoryName -n nickname -i issuerName -s serialName
 -m reasonToRevoke -c comment
Option Description
d The path to the directory where the cert8.db, key3.db, and secmod.db databases containing the agent certificates are located.
n The nickname of the agent's certificate.
i The issuer name of the certificate being revoked.
s The decimal serial number of the certificate being revoked.
m The reason the certificate is being revoked. The reason code for the different allowed revocation reasons are as follows:

  • 0 - Unspecified.

  • 1 - Key compromised.

  • 2 - CA key compromised.

  • 3 - Affiliation changed.

  • 4 - Certificate superseded.

  • 5 - Cessation of operation.

  • 6 - Certificate is on hold.
c Text comments about the request.

Table 15.1. 

NOTE

Surround values that include spaces in quotation marks.