Create an X.509 Certificate Revocation List (CRL).
Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)
Syntax

public static int MakeCRL(
    string crlFile,
    string issuerCert,
    string issuerKeyFile,
    string password,
    string revokedCertList,
    string extensions,
    SigAlgorithm sigAlg,
    X509CrlOptions opts
)

Public Shared Function MakeCRL (
    crlFile As String,
    issuerCert As String,
    issuerKeyFile As String,
    password As String,
    revokedCertList As String,
    extensions As String,
    sigAlg As SigAlgorithm,
    opts As X509CrlOptions
) As Integer

Parameters
- crlFile String
  name of new CRL file to be created
- issuerCert String
  name of issuer's X.509 certificate file (or base64 representation)
- issuerKeyFile String
  name of issuer's encrypted private key file
- password String
  password for issuer's encrypted private key file
- revokedCertList String
  list of revoked certificates in format serialNumber,revocationDate; ... or the empty string "" for no revoked certificates. See the Remarks section below for more details.
- extensions String
  A list of attribute-value pairs separated by semicolons (;) or the empty string "". Valid attribute-value pairs are:
  - lastUpdate=iso-date-string
  - nextUpdate=iso-date-string
- sigAlg SigAlgorithm
  Signature algorithm.
- opts X509CrlOptions
  Options

Return Value
Int32
If successful, the return value is zero; otherwise it returns a non-zero error code.

Remarks
This creates a version 1 CRL file with no extensions or cRLReason's.

The parameter revokedCertList must be in the form serialNumber,revocationDate;serialNumber,revocationDate; ....
The serialNumber must either be a positive decimal integer (e.g. 123) or the number in hex format preceded by #x (e.g. #x0102deadbeef).
The revocation date must be in ISO date format (e.g. 2009-12-31T12:59:59Z).
For example,

"1,2007-12-31; 2, 2009-12-31T12:59:59Z; 66000,2066-01-01; #x0102deadbeef,2010-02-28T01:01:59"

By default, the lastUpdate time in the CRL is set to the time given by the system clock, and nextUpdate time is left empty.
You can specify your own times using the lastUpdate and nextUpdate attributes in the extensions parameter.
Times, if specified, must be in ISO 8601 format and are always interpreted as GMT times whether or not you add a "Z".
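
An added C# example (not part of the CryptoSys PKI documentation) that builds the revokedCertList and extensions strings described in the Remarks from typed values, so that a malformed entry is rejected before the CRL is signed. The names CrlArgs, RevokedList and Extensions and the sample data are assumptions; writing serial numbers in #x hex form with whole bytes is a choice made here, not something the page requires.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Numerics;

static class CrlArgs
{
    // Every time is written as UTC with an explicit "Z"; the function reads all
    // times as GMT, so a local DateTime would otherwise be shifted silently.
    static string Iso(DateTime t)
    {
        if (t.Kind != DateTimeKind.Utc)
            throw new ArgumentException("time must have DateTimeKind.Utc");
        return t.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);
    }

    // revokedCertList: "serialNumber,revocationDate;..." ("" when nothing is revoked).
    public static string RevokedList(IEnumerable<(BigInteger Serial, DateTime RevokedAt)> entries)
    {
        var seen = new HashSet<BigInteger>();
        var parts = new List<string>();
        foreach (var (serial, revokedAt) in entries)
        {
            if (serial.Sign <= 0) throw new ArgumentException("serial must be positive");
            if (!seen.Add(serial)) throw new ArgumentException("duplicate serial " + serial);
            string hex = serial.ToString("x").TrimStart('0');
            if (hex.Length % 2 == 1) hex = "0" + hex;   // whole bytes, e.g. #x0102deadbeef
            parts.Add("#x" + hex + "," + Iso(revokedAt));
        }
        return string.Join(";", parts);
    }

    // extensions: both times set explicitly, because nextUpdate is otherwise left empty.
    public static string Extensions(DateTime lastUpdate, DateTime nextUpdate)
    {
        if (nextUpdate <= lastUpdate)
            throw new ArgumentException("nextUpdate must be later than lastUpdate");
        return "lastUpdate=" + Iso(lastUpdate) + ";nextUpdate=" + Iso(nextUpdate);
    }

    static void Main()
    {
        var now = new DateTime(2024, 1, 15, 9, 0, 0, DateTimeKind.Utc); // constructed sample data
        var revoked = new List<(BigInteger Serial, DateTime RevokedAt)> {
            (new BigInteger(66000), new DateTime(2023, 12, 31, 12, 59, 59, DateTimeKind.Utc)),
            (BigInteger.Parse("0102deadbeef", NumberStyles.HexNumber), now.AddDays(-1)),
        };
        Console.WriteLine(RevokedList(revoked));            // pass as revokedCertList
        Console.WriteLine(Extensions(now, now.AddDays(7))); // pass as extensions
    }
}
```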