xca-8.html

一个跨平台的CA系统 实现了数字证书的制作、SSL安全通讯、加解密操作等功能

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>XCA : Certificate Revocation Lists</TITLE>
 <LINK HREF="xca-9.html" REL=next>
 <LINK HREF="xca-7.html" REL=previous>
 <LINK HREF="xca.html#toc8" REL=contents>
</HEAD>
<BODY>
<A HREF="xca-9.html">Next</A>
<A HREF="xca-7.html">Previous</A>
<A HREF="xca.html#toc8">Contents</A>
<HR>
<H2><A NAME="s8">8.</A> <A HREF="xca.html#toc8">Certificate Revocation Lists</A></H2>

<P>All certificates are issued for a restricted timeperiod of validity.
However it can happen that a certificate shoud not be used / becomes invalid
before the "not after" time in the certificate is reached. In this case
the issuing CA should revoke this certificate by putting it on the list of 
revoked certificates, signing it and publishing it.</P>

<H2><A NAME="ss8.1">8.1</A> <A HREF="xca.html#toc8.1">Generation of Certificate revocation lists</A>
</H2>

<P>In XCA this can be done by the context-menu of the CA and the 
"revoke" entry in the context-menu of the issued certificate.
First all invalid certificates are marked as revoked and 
then a Certificate Revocation List should be created and will be stored in the
database. </P>


<HR>
<A HREF="xca-9.html">Next</A>
<A HREF="xca-7.html">Previous</A>
<A HREF="xca.html#toc8">Contents</A>
</BODY>
</HTML>