After you have revoked all known compromised certificates,
you should create a Certificate Revocation List (CRL). You can create
a CRL using the HP SSL Certificate Tool.
To create a CRL, perform the following steps:
From the Main
Menu, select Option 8 - Create a Certificate Revocation List.
Enter the filenames of the
Certificate Authority (CA) certificate and key.
Enter the filename of the
Certificate Revocation List. This is the file into which the CRL
will be written.
Enter the number of days
until the next CRL will be issued. Certificate Authorities typically
issue CRLs on a periodic basis to maintain the current status of
the certificates that it has signed.
Enter the PEM passphrase
of the CA's key.
The Certificate Tool then creates the CRL in the specified
file.
