|User Contributed Perl Documentation
persists the Certificate Revocation Request into the database, so that it can
then be used by the CRL issuance workflow. If the certificate is not in ISSUED
state or has already revocation details set, the activity will throw an
exception if the requested details do not match the already present data. This
can be relaxed by the enforce parameter
By default, those values are read from the context items with the same name. It
a key with this name exists in the activity definition, it has precedence over
the context value. If a given key has an empty value, the context is
not used as fallback.
- Must be one of the supported openssl reason codes, default is
- Epoch to be set as "key compromise time", the default backend
uses this only when reason_code is set to keyCompromise.
- Hold code for revocation reason "onHold" (not supported by the
- Set revocation_time, default is "now". This parameter must be
passed as activity param and has no fallback to the context.
- enforce (all|reason_code|none)
- The default mode depends on the parameters present in context or as action
parameters. If revocation_time is set, time and reason_code must match. If
no time but reason_code is set, then only the reson_code must match. If
neither one is set, the request is always accepted. In case the
reason_code is keyCompromise and the invalidity_time is set, it must also
match as long as you do not set enforce to none.
If you do not set revocation_time/reason_code but want to stop
if revocation data is present, you can enforce the same check level by
explicitly setting all or reason_code. In this case the
checks are done against the default values.
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.