Revoking Certificate with CMC Shared Token

Overview

This page describes the process to revoke a certificate using CMC shared token.

It assumes that:

The CA admin has created an issuance protection certificate.
The CA admin has configured CMC shared token authentication.
The CA admin has generated a CMC shared token for revoking the certificate.

Creating CMC Request

To create a CMC request prepare a CMCRequest configuration file (e.g. /usr/share/pki/tools/examples/cmc/testuser-cmc-revocation-request.cfg) and store the certificate serial number in the revRequest.serial property:

$ cp \
    /usr/share/pki/tools/examples/cmc/testuser-cmc-revocation-request.cfg \
    testuser-cmc-revocation-request.cfg

$ sed -i \
    -e "s/^\(revRequest.serial\)=.*/\1=<serial number>/" \
    testuser-cmc-revocation-request.cfg

Then execute the following command:

$ CMCRequest testuser-cmc-revocation-request.cfg

Submitting CMC Request

To submit the CMC request prepare an HttpClient configuration file (e.g. /usr/share/pki/tools/examples/cmc/testuser-cmc-revocation-submit.cfg), then execute the following command:

$ HttpClient testuser-cmc-revocation-submit.cfg

Processing CMC Response

To process the CMC response:

$ CMCResponse \
    -d /root/.dogtag/nssdb \
    -i testuser.cmc-revocation-response

Revoking Certificate with CMC Shared Token

Overview

Creating CMC Request

Submitting CMC Request

Processing CMC Response

See Also

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!