About CRLs598 Netscape Certificate Management System Administrator’s Guide • February 2003.\CMCRevoke -d -n-i -s -m -cFor example, if the directory containing the agent certificate is .netscape, thenickname of the certificate is RegistartionManagerAgentCert, and the serialnumber of the certificate is 22, the command would look like this:.\CMCRevoke -d".\.netscape" -n"RegistartionManagerAgentCert"-i"cn=agentAuthMgr" -s22 -m0 -c"test comment"3. Go to the end entity interface at the following URL:https://localhost/ca/4. Select the Revocation Tab.5. Select the CMC Revoke link on the menu.6. Paste the output of step 2 into the text areaRemove "-----BEGIN NEW CERTIFICATE REQUEST-----" and "----END NEWCERTIFICATE REQUEST-----" from the pasted content.7. Click Submit.8. Verify that the returned page confirms that the certificate 22 has been revoked.About CRLsServer and client applications that use public-key certificates as tokens ofidentification need access to information about the validity of a certificate; becauseone of the factors that determines the validity of a certificate is its revocation status,these applications need to know whether the certificate being validated has beenrevoked. In that regard, the CA has a responsibility to do the following:• Revoke the certificate if any of the certificate assertions becomes false.• Make the revoked certificate status available to parties or applications thatneed to verify its validity status.Whenever a certificate is revoked the Certificate Manager automatically updatesthe status of the certificate in its internal database—it marks the copy of thecertificate in its internal database as revoked and removes the revoked certificatefrom the publishing directory, if the Certificate Manager is configured to removethe certificate from the database.
