Configuring a Sample CRL
In the following example, a CRL list with certificate authorities is located in a directory with a hashed file name.
Before you beginEnsure that you already have a CRL list configured with the file name.
- Procedure
- On the command line, navigate to the $CFROOT/util directory.
- Type the following command to replace the
my.crl file with the absolute file path.
./openssl crl -hash -noout -in my.crl
The output screen is expected to be:./openssl crl –hash –noout –in my.crl 592b5bc9
In this case, the hashed value is generated as 592b5bc9. - Type the following commands with the generated hash value in Step 2.
cp <your certificate authority file> /usr/CAfiles/592b5bc9.0
cp my.crl /usr/CAfiles/592b5bc9.r0
- Open the
$CFROOT/config/config.txt file, modify the
CAPath parameter to the directory where you have placed the hashed files in Step 3.
For this example, the CAPath parameter is set to
/usr/CAfiles
.