问题
I'm using self-signed certificates for testing, how can I generate certificate revocation list to test cert verification? Has keytool in JDK provided such functionalities?
Thanks!
回答1:
OpenSSL http://www.openssl.org/
The CA (included) is excellent for testing simple PKIs. Perhaps a little bit daunting at first, but there is plenty of info around.
For CRLs, the out of the box setup should do the trick for you: https://www.openssl.org/docs/manmaster/man1/ca.html#CRL-OPTIONS
All the best.
来源:https://stackoverflow.com/questions/5753671/how-to-generate-a-crl-certificate-revocation-list-file