15.2. Testing CMC Revocation

Test that CMC revocation is working properly by doing the following:
  1. Create a CMC revocation request for an existing certificate. For example, if the directory containing the agent certificate is ~jsmith/.mozilla/firefox/, the nickname of the certificate is CertificateManagerAgentCert, and the serial number of the certificate is 22, the command is as follows:
    CMCRevoke -d"~jsmith/.mozilla/firefox/" -n"Certificate Manager Agent Cert" -i"cn=agentAuthMgr" -s22 -m0 -c"test comment"
  2. Open the CA's end-entities page.
  3. Select the Revocation tab.
  4. Select the CMC Revoke link in the menu.
  5. Paste the output from the CMCRevoke operation into the text box. Remove the -----BEGIN NEW CERTIFICATE REQUEST----- and ----END NEW CERTIFICATE REQUEST----- lines from the pasted content.
  6. Click Submit.
  7. The results page displays that certificate 22 has been revoked.