On Mon, Feb 24, 2020 at 12:09 PM Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Michael Leone
> Sent: Monday, February 24, 2020 09:37
> So I was an idiot, and signed a certificate, but specified an invalid location. i.e.,
> I used a "/" instead of a "/" in the location.
I assume that was supposed to be 'a "\" instead of a "/"', based on what you have below.
Yes, I had it backwards. And I was able to find the file, and properly revoke it, after sending my initial email. I just haven't had time to go back and tell the list.
> $ sudo openssl ca -in requests/<client>.req -out certs\<client>-2020-02-24.<FQDN>
>
> And so I can't find that cert file anywhere (obviously).
That's not obvious at all.
I meant - obviously it's not in the subdirectory I thought it would be in ...
Does your CA configuration not have a new_certs_dir? Normally it will create a copy of the certificate there, under the serial number.
> I know the serial number of the wrongly issued cert, I had hoped I could revoke
> using just the serial number. But searches tell me I can't do it that way.
Well, you *can*, by editing the CA's index.txt file directly. You can create and revoke a test certificate to see what the altered line should look like. (It will start with "R" instead of "V", and have a revocation date. Fields are separated by tabs.)
Interesting. Thanks.
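
The index.txt edit described in the reply above, as an added example that is not part of the original thread: a small function that marks one entry revoked by serial number. The six-field tab-separated layout, the sample index contents, and the name `revoke_by_serial` are assumptions made for this illustration.

```python
from datetime import datetime, timezone

# Constructed sample index.txt (tab-separated); not from the original thread.
# Assumed layout of `openssl ca` index lines, six fields:
# status, expiry, revocation date, serial (hex), file name, subject DN.
SAMPLE_INDEX = (
    "V\t210223170000Z\t\t1000\tunknown\t/CN=alpha.example.test\n"
    "V\t210223170500Z\t\t1001\tunknown\t/CN=beta.example.test\n"
    "R\t210223171000Z\t200224180000Z\t1002\tunknown\t/CN=gamma.example.test\n"
)


def revoke_by_serial(index_text, serial, when=None):
    """Return index_text with the entry for `serial` (hex) marked revoked."""
    when = when or datetime.now(timezone.utc)
    stamp = when.strftime("%y%m%d%H%M%SZ")  # same form as the expiry field
    wanted = int(serial, 16)  # numeric compare: case and leading zeros ignored
    out, hits = [], 0
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"unexpected field count in line: {line!r}")
        if int(fields[3], 16) == wanted:
            hits += 1
            if fields[0] == "R":
                raise ValueError(f"serial {serial} is already revoked")
            # "R" instead of "V", plus a revocation date in the third field
            fields[0], fields[2] = "R", stamp
        out.append("\t".join(fields))
    if hits != 1:
        # Refuse to guess when the serial is missing or duplicated
        raise LookupError(f"serial {serial} matched {hits} entries")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(revoke_by_serial(SAMPLE_INDEX, "1001"), end="")
```

Run it against a copy of index.txt and compare the result with a line produced by a real test revocation before replacing the live file, then regenerate the CRL with `openssl ca -gencrl`. If the copy under new_certs_dir exists, passing that file to `openssl ca -revoke` avoids the hand edit entirely.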