Creating your own certificate revocation list – Nortel Networks NN46120-104 User Manual

Creating Your Own Certificate Revocation List

119

Creating Your Own Certificate Revocation List

You can easily build and manage certificate revocation lists for client
certificates issued within your own organization. The CRL can then be
added by using TFTP/FTP/SCP/SFTP. For more information about how to
accomplish this, see

“Revoking Client Certificates Issued within your Own

Organization” (page 117)

.

Step

Action

1

Open a text editor and create a new file.

2

Decide if you want to add serial numbers in decimal form, or
in hexadecimal form.

If you choose to add serial numbers for client certificates to
revoke in decimal form, add a paragraph in the text document
that reads:

ASCII revocation

Or, if you choose to add serial numbers in hexadecimal form,
add a paragraph in the text document that reads:

HEX ASCII revocation

Note: You can add comments to a CRL ASCII file by
preceding your comments with the # character. Each new line
of comments must begin with the # character. Comments can
be used for providing information about the date of issue or
last update, for example. You can cancel the revocation of a
client certificate by inserting the # character at the beginning
of the line containing the desired serial number.

3

Add the serial numbers of the client certificates you want
to revoke.

For a CRL in decimal format, simply list the serial numbers the
ASCII revocation paragraph. For example:

# CRL for CA certificate 1

# Issued first: 2005-01-01

# Last update: 2005-02-01

ASCII revocation

500

501

590

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.