Revoking certificates and publishing CRL

1. Access the OpenXPKI server.

   

   1. From a web browser, type http://ipaddress/openxpki/.

   

   2. Log in as Operator. The default password is openxpki.

      Note:  The Operator login has two preconfigured operator accounts, raop and raop2.



2. Click Workflow Search > Search now.



3. Click a certificate to revoke, and then click the certificate link.



4. From the Action section, click revocation request.



5. Type the appropriate values, and then click Continue > Submit request.



6. On the next page, approve the request. The certificate revocation is waiting for the next CRL publish.



7. From the PKI Operation section, click Issue a certificate revocation list (CRL).



8. Click Enforce creation of revocation lists > Continue.



9. From the PKI Operation section, click Publish CA/CRL.



10. Click Workflow Search > Search now.



11. Click the revoked certificate with a certificate_revocation_request_v2 type.



12. Click Force wake up.

In the new CRL, you can find the serial number and the revocation reason of the revoked certificate.