OpenSSL invalid revocation date / update CRL?

Question

I have an index.txt file where I changed the value of a certificate - whose certificate file I do not have - from V to R to revoke it.

The index.txt looks as follows exemplarily:

V    220303095424Z     123456      unknown /bla 
R    220303104529Z     123457      unknown /bla ... CN=test1234

If I want to create a new certificate test1234, it says

invalid revocation date
 in entry 2

Question: What to do? Do I have to update the CRL.pem? If yes, how to that via OpenSSL?

Thanks.

score 0 · Answer 1 · answered Mar 12 '20 at 15:09

A revocation list can only be created, if a revocation time is specified in index.txt. You failed to specify that date.

Any line holding a revoked certificate needs to have an additional column with the revocation date, after the expiration date. Change the last line of your file to something like

R    220303104529Z   220305000000Z  123457      unknown /bla ... CN=test1234

and you should be good.

OpenSSL invalid revocation date / update CRL?

1 Answers1