[gnutls-help] CTL generation

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Aug 11 13:30:17 CEST 2017

On Thu, Aug 10, 2017 at 5:13 PM, Gregory Sloop <gregs at sloop.net> wrote:
> I *think* I understand how to use certtool to generate a CRL - however,
> trying to get explicit confirmation.
> In the case where you have more than one revoked cert:
> Will it work to concatenate all the revoked certs into a single file and
> include all the certs with one --load-certificate
> file-of-concatenated-certs.pem ? [It sure looks that way, but just double
> checking.]

That's the idea. Note however that some old versions of certtool had a
cap on the file size they were reading, so they could choke on large
files and generate incomplete CRLs. If you use anything later than
3.3.18 you should be fine.


More information about the Gnutls-help mailing list