Configuring a Sample CRL

In the following example, a CRL list with certificate authorities is located in a directory with a hashed file name.

Prerequisites

Ensure that you already have a CRL list configured with the file name.

Procedure

  1. On the command line, navigate to the $CFROOT/config directory.
  2. Type the following command to replace the my.crl file with the absolute file path.
    ./openssl crl -hash -noout -in my.crl
    The output screen is expected to be: 
    > ./openssl crl –hash –noout –in my.crl
592b5bc9
    In this case, the hashed value is generated as 592b5bc9.
  3. Type the following commands with the generated hash value in Step 2.

    cp <your certificate authority file> /usr/CAfiles/592b5bc9.0

    cp my.crl /usr/CAfiles/592b5bc9.r0

  4. Open the $CFROOT/config/config.txt file, modify the CAPath parameter to the directory where you have placed the hashed files in Step 3.
    For this example, the CAPath parameter is set to /usr/CAfiles.