- Once you've created a certificate, eventually you are going to have to revoke it, and even if that's just to renew it, really, I mean if you have created a certificate and it's gonna last, say, a year, or maybe three years, ultimately that certificate will have to be renewed, and before you can renew it, you have to revoke it. So this movie is about how to revoke a certificate. Here is our certificate directory here, we've created this. Open this, a cell directory, that's got "groundswell" in it, and inside of that we've created our hierarchy, you've watched chapter five, so you know how to create all of these things, Now I'm going to tell you how to revoke it.
Let's go to our terminal application: Utilities, Terminal... I'm going to type in this command and then I'm going to tell you what it does. You saw me do something kinda nifty, there. That's a Mac OS X cool thing. You can just drag files in from the Finder into the Terminal and they'll complete the entire path for you, which is nice. Any way, you saw me do the "sudo -s" thing. Necessary, now we're into a "superuser do" session. We're issuing the "openssl" command with the "ca" verb, and we're "-revoke"-ing, so we're revoking here and we're going to revoke this certificate.
Okay, so all I'm going to do is issue this command, type the passcode that we associated with that certificate, it revokes the certificate, and updates the database. So, what database did it update? Well, here we are, we've got our certificate information in here, so this gives us a serial number. Before, we only had the 15 serial number. Now we've got the 14 as well. We've got an updated database in here, so we've revoked our groundswell.pem certificate and that has been updated in our internal database.
What we're gonna do in the next movie is move onto the next step in this process.
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.