\u767a\u884c\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u5931\u52b9\u3055\u305b\u308b<\/p>\n
openssl ca -gencrl -revoke client.crt -out ssl.crl\/cert.crl<\/code><\/pre>\n\u300c-out ssl.crl\/cert.crl\u300d\u306fapache\u3067\u306f\u3001<\/p>\n
SSLCARevocationFile \/hoge\/ssl.crl\/cert.crl<\/code><\/pre>\n\u3067\u6307\u5b9a\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3001\u307e\u305f\u3001<\/p>\n
SSLCARevocationPath \/hoge\/ssl\/ssl.crl<\/code><\/pre>\n\u306eFile\u3068Path\u306f\u540c\u6642\u306b\u4f7f\u7528\u3067\u304d\u306a\u3044\u3089\u3057\u3044\u3053\u3068\u3068\u3001Path\u306e\u5834\u5408\u306fCRL\u3092\u30cf\u30c3\u30b7\u30e5\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\uff08\u3084\u308a\u304b\u305f\u306f\u3069\u3063\u304b\u306b\u66f8\u3044\u3066\u3042\u3063\u305f\u3051\u3069\u4e0d\u660e(^^;\uff09<\/p>\n
\u5931\u52b9\u3055\u305b\u308b\u3068index\u30d5\u30a1\u30a4\u30eb\u306e\uff11\u30ab\u30e9\u30e0\u76ee\u304c\u300cR\u300d\u306b\u306a\u308a\u307e\u3059\u3002\u6709\u52b9\u306a\u306e\u306f\u300cV\u300d\u3067\u3059\u3002(Revoke,Valid\u304b\u306a)<\/p>\n
\/pathto\/hogeCA\/index.txt\nR 350728073327Z 050804074628Z 01 unknown \/C=JP\/ST=hogehoge\uff5e\uff5e<\/code><\/pre>\n\n\u3053\u306eCRL(\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8)\u30d5\u30a1\u30a4\u30eb\u306b\u3064\u3044\u3066\u6ce8\u610f\u70b9\u306f\u3001\u300c-gencrl\u300d\u3057\u305f\u969b\u306b\u3001
\nopenssl.conf \u5185\u306e\u300cdefault_crl_days\u300d\u306e\u5024\u304b\u3001openssl\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u300c-crldays\u300d\u306e\u5024\u3067\u3001\u6b21\u306eCRL\u30d5\u30a1\u30a4\u30eb\u306e\u767a\u884c\u4e88\u5b9a\u65e5\u304cCRL\u30d5\u30a1\u30a4\u30eb\u5185\u306b\u30bb\u30c3\u30c8\u3055\u308c\u307e\u3059\u3002\u3053\u306e\u671f\u9650\u304c\u304f\u308b\u307e\u3067\u306b\u3001CRL\u3092\u66f4\u65b0\u3057\u306a\u3044\u3068\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u6a5f\u80fd\u304c\u52d5\u304b\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3059\u3002Apache\u306e\u30a8\u30e9\u30fc\u30ed\u30b0\u306bCRL has expired\u3068\u304b\u3063\u3066\u306a\u3063\u3066\u3001\u6709\u52b9\u306a\u8a3c\u660e\u66f8\u3067\u3082\u3064\u306a\u304c\u3089\u306a\u304f\u306a\u308a\u307e\u3059\u3002<\/p>\n
[Thu Jan 11 16:12:12 2007] [warn] Found CRL is expired - revoking all certificates until you get updated CRL\n[Thu Jan 11 16:12:12 2007] [error] Certificate Verification: Error (12): CRL has expired\n<\/code><\/pre>\n\u7834\u68c4\u3059\u308b\u8a3c\u660e\u66f8\u304c\u306a\u304f\u3066\u3082\u3001\u6b21\u306e\u66f4\u65b0\u65e5\u304c\u304d\u305d\u3046\u306a\u3089\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u3057\u3066\u304a\u3051\u3070\u66f4\u65b0\u65e5\u3060\u3051\u66f4\u65b0\u3055\u308c\u307e\u3059\u3002<\/p>\n
openssl ca -gencrl -out ssl.crl\/cert.crl<\/code><\/pre>\n\u4e2d\u8eab\u306e\u78ba\u8a8d<\/p>\n
openssl crl -in .\/ssl.crl\/cert.crl -text\nLast Update: \u6700\u7d42\u66f4\u65b0\u65e5\nNext Update: \u6b21\u56de\u66f4\u65b0\u65e5\n<\/code><\/pre>\n\n\u3082\u3046\u3072\u3068\u3064\u3001CRL\u30d5\u30a1\u30a4\u30eb\u3092\u66f4\u65b0\u3057\u3066\u3082\u3001SSLCARevocationFile or Path \u306fApache\u3092\u518d\u8d77\u52d5\u3057\u306a\u3044\u3068\u8aad\u307f\u8fbc\u307e\u308c\u306a\u3044\u306e\u3067\u3001\u66f4\u65b0\u3057\u305f\u969b\u306fApache\u306e\u518d\u8d77\u52d5\u304c\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
\uff1c\u8ffd\u8a18\uff1e
\nCentOS\uff15\u306e\u5834\u5408\u306f\u3001crlnumber\u3092\u4f5c\u6210\u3057\u3066\u304a\u304b\u306a\u3044\u3068\u30c0\u30e1\u304b\u3082<\/p>\n
cd \/var\/www\/ssl\necho '00' > hogeCA\/crlnumber\n<\/pre>\n","protected":false},"excerpt":{"rendered":"\u767a\u884c\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u5931\u52b9\u3055\u305b\u308b openssl ca -gencrl -revoke client.crt -out ssl.crl\/cert.crl \u300c-out ssl.crl\/cert.crl\u300d\u306fapache … “\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u5931\u52b9\u3068CRL(apache)”\u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-202","post","type-post","status-publish","format-standard","hentry","category-linux"],"views":17105,"_links":{"self":[{"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/posts\/202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":1,"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":722,"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/posts\/202\/revisions\/722"}],"wp:attachment":[{"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tksm.org\/wp\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}