Understanding the RevokeCertificate Script

The RevokeCertificate command is a shell script included with the Demo CA optional component. It revokes an existing certificate in an existing instance of the Demo CA. See About the Demo CA for more information.

Syntax:

RevokeCertificate DemoCA-directory certificate-path

Parameters:

DemoCA-directory
The directory containing your existing Demo CA instance.
certificate-path
The path to a file containing the certificate to be revoked.
Note: Each Demo CA instance includes copies of all the certificates it has signed, under the entities directory and under the intermediate/certs directory; these copies can be used to revoke specific certificates.

Comments:

Revoking a certificate in Demo CA informs the CA that the certificate is no longer valid. It updates the Demo CA instance's database of certificates, and also updates the Certificate Revocation List (CRL) that Demo CA maintains.
Note: Visual COBOL components do not currently make use of the CRL.

The main purpose of revoking a certificate in Demo CA is to make the same certificate identity, its Distinguished Name (DN), available for a new certificate to use.

The Visual COBOL product must be configured properly in the shell environment before invoking this script.
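
The CRL update described under Comments can be confirmed by checking that the revoked certificate's serial number is listed in the CRL. The following is an added example, not part of Demo CA or of the original page; it assumes the CRL is a PEM file that the openssl command can read, and the function names and the CRL path are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a revoked certificate's serial number is in the CRL.
# Assumption: the CRL is a PEM file readable by openssl. Its location inside
# the Demo CA instance is not given on this page, so it is passed as a parameter.

# Reduce a hex serial to a canonical form: hex digits only, uppercase,
# no leading zeros (at least one digit is kept).
normalize_serial() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F' \
        | sed -e 's/^0*//' -e 's/^$/0/'
}

# Read `openssl crl -noout -text` output on stdin and succeed only if serial $1
# is listed. Serials are compared whole, so 100 does not match an entry 1001
# (a plain substring search would report a false positive).
crl_text_lists_serial() {
    want=$(normalize_serial "$1")
    while IFS= read -r line; do
        case $line in
            *"Serial Number: "*)
                got=$(normalize_serial "${line##*Serial Number: }")
                if [ "$got" = "$want" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Succeed if the certificate in file $2 is listed as revoked in CRL file $1.
# Returns 2 if the certificate cannot be read.
crl_lists_cert() {
    serial=$(openssl x509 -noout -serial -in "$2") || return 2
    openssl crl -noout -text -in "$1" | crl_text_lists_serial "${serial#serial=}"
}

# Constructed sample of `openssl crl -noout -text` output (not from a real CA).
SAMPLE_CRL_TEXT='Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Constructed Demo Intermediate
Revoked Certificates:
    Serial Number: 1001
        Revocation Date: Jan  1 00:00:00 2024 GMT
    Serial Number: 0A3F
        Revocation Date: Jan  2 00:00:00 2024 GMT'

# Usage after revoking (the CRL path is a placeholder):
#   RevokeCertificate DemoCA-directory certificate-path
#   crl_lists_cert /path/to/crl.pem certificate-path && echo "listed in CRL"
```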