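revokeCertificate command
The revokeCertificate command uses an implementation class, passed in as a parameter, to communicate with a certificate authority (CA) server and revoke a certificate. Processing this command sends a revocation request to the CA server to mark the certificate as revoked.
Location
Issue the command from the profile_root/bin directory.
Syntax
The command syntax is as follows: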
(The command is split across multiple lines for printing purposes.)
AIX, HP-UX, Linux, Solaris:
revokeCertificate.sh -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-revocationPassword <revocationPassword> -keystoreAlias <keystoreAlias> -alias <certificateAlias>
-pkiImplClass <customCAClient> [options]
Windows:
revokeCertificate.bat -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-revocationPassword <revocationPassword> -keystoreAlias <keystoreAlias> -alias <certificateAlias>
-pkiImplClass <customCAClient> [options]
z/OS:
revokeCertificate.sh -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-revocationPassword <revocationPassword> -keystoreAlias <keystoreAlias> -alias <certificateAlias>
-pkiImplClass <customCAClient> [options]
IBM i:
revokeCertificate -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-revocationPassword <revocationPassword> -keystoreAlias <keystoreAlias> -alias <certificateAlias>
-pkiImplClass <customCAClient> [options]
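Required parameters
The revokeCertificate command uses the following required parameters:
- -host: Specifies the target certificate authority host to which the request is sent.
- -port: Specifies the target port to connect to.
- -username: Specifies the user name used to gain access to the certificate authority.
- -password: Specifies the password used to authenticate to the certificate authority.
- -revocationPassword: Specifies the password to set on the certificate returned by the certificate authority. During each request, the revocation password is sent to the certificate authority and associated with each certificate that is issued. To revoke the certificate later, the same revocation password must be sent during the revokeCertificate request.
- -keystoreAlias: Specifies the name of the keystore, located in the profile's ssl.client.props file, to which the CA-signed certificate is added. For a managed or unmanaged environment, this file is typically the ClientDefaultKeyStore file.
- -alias: Specifies the alias of the certificate request to revoke. The certificate is stored in the keystore specified on the request.
- -pkiImplClass: The class that implements the WSPKIClient interface. The implementation class handles all communication with the CA server. This can be a custom class or a class provided with the product.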
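Optional parameters
The following options are available for the revokeCertificate command:
- The reason for revoking the certificate. The default value is "unspecified".
- A semicolon-separated list of custom name=value pairs to pass to the custom implementation class. This parameter provides a way to pass custom information to the implementation class. The "attr" and "value" pairs are converted to a hash map and passed to the implementation class.
- Overrides the default trace file. By default, the trace appears in the profiles/profile_name/log/caClient.log file.
- When -trace is specified, it enables tracing of the trace specification needed to debug this component. By default, the trace appears in the profiles/profile_name/log/caClient.log file.
- This option causes the existing trace file to be replaced when the command is run.
- -quit: This option suppresses most messages from being printed to the console.
- This option prints the usage statement.
- This option prints the usage statement.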
Usage
The following example runs revokeCertificate:
AIX, HP-UX, Linux, Solaris:
revokeCertificate.sh -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefaultKeyStore
-revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
Windows:
C:\opt\WebSphere\AppClient\bin>revokeCertificate.bat -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefaultKeyStore
-revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
z/OS:
revokeCertificate.sh -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefaultKeyStore
-revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
IBM i:
revokeCertificate -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefaultKeyStore
-revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
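
The following is an added example, not part of the product documentation: a shell function that checks captured revokeCertificate console output for the CWPKI0462I message shown above and extracts the certificate subject and revocation reason, for example to write an audit record. Treating CWPKI0462I as the confirmation of revocation is an assumption based on the sample output on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a revocation from revokeCertificate console output.
# Assumption: message CWPKI0462I indicates that the CA accepted the revocation.

# Sample output copied from the usage example on this page.
sample_output() {
cat <<'EOF'
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
EOF
}

# The console wraps long messages, so fields such as "Issued To:" can span
# line breaks. Join everything into one line before matching.
flatten() {
  tr '\n' ' ' | sed 's/  */ /g'
}

# Reads command output on stdin.
# Prints "subject|reason" and returns 0 if CWPKI0462I is present;
# prints nothing and returns 1 otherwise, so callers can alert on failure.
revocation_summary() {
  flat=$(flatten)
  case "$flat" in
    *CWPKI0462I:*) ;;
    *) return 1 ;;
  esac
  subject=$(printf '%s' "$flat" |
    sed -n 's/.*Issued To: \(.*\), Not Before:.*/\1/p')
  reason=$(printf '%s' "$flat" |
    sed -n 's/.*] for reason: \([^ ]*\).*/\1/p')
  printf '%s|%s\n' "$subject" "$reason"
}

# Typical use (hypothetical pipeline; real arguments as in the syntax above):
#   revokeCertificate.sh ... | revocation_summary || echo "revocation not confirmed"
```
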