revokeCertificate 命令

revokeCertificate 命令使用传递到用于与认证中心 (CA) 服务器通信的实现类,以撤销证书。处理此命令将向 CA 服务器发出撤销请求,以将此证书标记为已撤销。

位置

profile_root/bin 目录发出该命令。

语法

命令语法如下所示:

(为了便于打印,命令拆分为多行。)[AIX][HP-UX][Linux][Solaris]
revokeCertificate.sh -host<caHost> -port<caPort> -username<caUserName> -password<caPassword> 
-revocationPassword<revocationPassword> -keystoreAlias<keystoreAlias> -alias<certificateAlias>
 -pkiImplClass<customCAClient>[options]
[Windows]
revokeCertificate.bat -host<caHost> -port<caPort> -username<caUserName> -password<caPassword> 
-revocationPassword<revocationPassword> -keystoreAlias<keystoreAlias>  -alias<certificateAlias> 
-pkiImplClass<customCAClient>[options]
[z/OS]
revokeCertificate.sh -host<caHost> -port<caPort> -username<caUserName>  -password<caPassword> 
-revocationPassword<revocationPassword> -keystoreAlias<keystoreAlias> -alias<certificateAlias> 
-pkiImplClass<customCAClient>[options]
[IBM i]
revokeCertificate -host<caHost> -port<caPort> -username<caUserName>  -password<caPassword>
-revocationPassword<revocationPassword> -keystoreAlias<keystoreAlias>  -alias<certificateAlias> 
-pkiImplClass<customCAClient>[options]

必需参数

revokeCertifcate 命令使用以下必需参数:
-host caHost
指定请求将发送到的目标认证中心主机。
-port caPort
指定要连接的目标端口。
-username caUserName
指定用于获取对认证中心访问权的用户名。
-password caPassword
指定用于向认证中心认证的密码。
-revocationPassword revocationPassword
指定认证中心返回的证书上要设置的密码。在每个请求期间,撤销密码将发送到认证中心,并与发出的每个证书相关联。要在稍后撤销证书,必须在 revokeCertificate 请求期间发送同一撤销密码。
keyStoreAliaskeyStoreAlias
指定位于概要文件的 ssl.client.props 文件中的密钥库(CA 签署的证书将添加至该密钥库中)名称。对于受管环境或非受管环境,此文件通常是 ClientDefaultKeyStore 文件。
-alias certificateAlias
指定要撤销的证书请求的别名。证书存储在请求上指定的密钥库中。
-pkiImplClass custom CA Client
实现 WSPKIClient 接口的类。实现类处理到 CA 服务器的所有通信。这可以是定制类,或随产品提供的类。

可选参数

以下选项可用于 revokeCertificate 命令:

-revocationReasonUsage revocation reason
撤销证书的原因。缺省值为“unspecified”。
-customAttrs customAttr1=value;customAttr2=value;...
以分号分隔的将传递到定制实现类的 custom name=value 对列表。此参数提供了一种将定制信息传递到实现类的方式。“attr”和“value”对将转换为散列映射,并传递到实现类。
-logfile filename
覆盖缺省跟踪文件。缺省情况下,跟踪显示在 profiles/profile_name/log/caClient.log 文件中。
-trace
当指定了 -trace 时,它启用对调试此组件所必需的跟踪规范的跟踪。缺省情况下,跟踪显示在 profiles/profile_name/log/caClient.log 文件中。
-replaceLog
此选项导致执行命令时替换现有跟踪文件。-quit
-quiet
此选项禁止在控制台上打印出大多数消息。
-help
此选项可打印用法语句
-?
此选项可打印用法语句

用法

以下示例执行 revokeCertificate:

[AIX][HP-UX][Linux][Solaris]
revokeCertificate.sh -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefau
ltKeyStore -revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
           CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
           After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
[Windows]
C:\opt\WebSphere\AppClient\bin>revokeCertificate.bat -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefau
ltKeyStore -revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
           CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
           After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
[z/OS]
revokeCertificate.sh -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefau
ltKeyStore -revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
           CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
           After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified
[IBM i]
revokeCertificate -host localhost -port 1077
-username pkiuser -password webspherepki -alias cert1 -keyStoreAlias ClientDefau
ltKeyStore -revocationPassword webspherepki
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0461I: Revoking a CA signed certificate.
CWPKI0462I: CA Signed Certificate Revoked [Issued By: O=IBM, C=US, Issued To:
           CN=mycn, O=ibm, C=us, Not Before: Thu Feb 22 09:07:53 CST 2007, Not
           After: Sat Feb 16 10:09:19 CST 2008] for reason: unspecified

指示主题类型的图标 参考主题



时间戳记图标 最近一次更新时间: last_date
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=rsec_7revokecacertcmd
文件名:rsec_7revokecacertcmd.html