000021572 - How to remove an RSA Keon Certificate Authority certificate listed in CRL

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021572
Applies ToKeon Certificate Authority 6.x
Certificate Revocation List (CRL)
IssueHow to remove an RSA Keon Certificate Authority certificate listed in CRL
ResolutionTo remove a revoked certificate from a CRL, follow these steps:

1. Find the revoked certificate on the KCA Admin Console using the Certificate Operations Workbench

2. Delete the revoked certificate

3. Shut down the KCA

4. Go to <KCA_INSTALL>/Xudad/db directory/folder

5. Delete these files for your CA that CRL corresponds to (e.g. Root1 CA):

    Root1.dicl
    Root1.drcl
    Root1.dscl
    Root1.licl
    Root1.lrcl
    Root1.lscl

These files are created by KCA to make CRL generation quicker (like a cache)

6. Start KCA

7. Through KCA Admin Console --> CA Operations --> generate a complete CRL for Root1 CA

The CRL will now be created from scratch, and will not show the revoked certificate since it has been deleted from the database.
Legacy Article IDa23755

Attachments

    Outcomes