Revoking certificates and publishing CRL

  1. Access the OpenXPKI server.
    1. From a web browser, type http://ipaddress/openxpki/.
    2. Log in as Operator. The default password is openxpki.
      Note: The Operator login has two preconfigured operator accounts, raop and raop2.
  2. Click Workflow Search > Search now.
  3. Click a certificate to revoke, and then click the certificate link.
  4. From the Action section, click revocation request.
  5. Type the appropriate values, and then click Continue > Submit request.
  6. On the next page, approve the request. The certificate revocation is waiting for the next CRL publish.
  7. From the PKI Operation section, click Issue a certificate revocation list (CRL).
  8. Click Enforce creation of revocation lists > Continue.
  9. From the PKI Operation section, click Publish CA/CRL.
  10. Click Workflow Search > Search now.
  11. Click the revoked certificate with a certificate_revocation_request_v2 type.
  12. Click Force wake up.

In the new CRL, you can find the serial number and the revocation reason of the revoked certificate.