15.2. Testing CMC Revocation
Test that CMC revocation is working properly by doing the following:
- Create a CMC revocation request for an existing certificate. For example, if the directory containing the agent certificate is
~jsmith/.mozilla/firefox/
, the nickname of the certificate isCertificateManagerAgentCert
, and the serial number of the certificate is22
, the command is as follows:CMCRevoke -d"~jsmith/.mozilla/firefox/" -n"Certificate Manager Agent Cert" -i"cn=agentAuthMgr" -s22 -m0 -c"test comment"
- Open the CA's end-entities page.
- Select the Revocation tab.
- Select the CMC Revoke link in the menu.
- Paste the output from the
CMCRevoke
operation into the text box. Remove the-----BEGIN NEW CERTIFICATE REQUEST-----
and----END NEW CERTIFICATE REQUEST-----
lines from the pasted content. - Click Submit.
- The results page displays that certificate 22 has been revoked.