TLS client certificate REVOCATION


Recently I revoked a client's TLS certificate using the openssl command. I generated the client certificate using the ast_tls_cert script.

I edited tmp.cfg (which is the configuration file the openssl command uses to generate certificates) in order to revoke the client certificate.

When revocation takes place, the only change that happens is an update to a database in the same directory (/etc/asterisk/keys); the database is a file called index.txt.

The problem is that revocation is not similar to the creation of a certificate file. Creating a file does not need a database, since it does not compare the client cert in order to authenticate, whereas for revocation it has to check whether the certificate has been added to this database, and then it is classified as REVOKED.

Now, in Asterisk's pjsip.conf, where we configure the TLS transport, there is no parameter that allows us to pass the database (index.txt) in order to make the revocation process successful.

So how to do it?
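
The index.txt file mentioned in the post is the OpenSSL CA database, with one tab-separated line per issued certificate and a status flag of V (valid), R (revoked) or E (expired). The following parser is an added example, not part of the original post or of Asterisk; the sample entries, names and dates are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of an OpenSSL CA database (index.txt). Tab-separated fields:
# status, expiry, revocation date[,reason], serial (hex), file name, subject DN.
SAMPLE_INDEX = (
    "V\t350101000000Z\t\t1000\tunknown\t/CN=server.example.test/O=Example\n"
    "R\t350101000000Z\t250301120000Z,keyCompromise\t1001\tunknown\t/CN=client1.example.test/O=Example\n"
    "R\t350101000000Z\t250302093000Z\t1002\tunknown\t/CN=client2.example.test/O=Example\n"
)


def parse_time(stamp):
    """Parse the UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ) form."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def parse_index(text):
    """Return one dict per certificate recorded in the CA database."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expiry, revoked, serial, _filename, subject = fields
        if status not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: unknown status {status!r}")
        # The revocation field is empty for valid entries; a reason may follow a comma.
        rev_time, _, reason = revoked.partition(",")
        entries.append({
            "status": status,
            "expires": parse_time(expiry),
            "revoked_at": parse_time(rev_time) if rev_time else None,
            "reason": reason or None,
            "serial": int(serial, 16),
            "subject": subject,
        })
    return entries


def revoked_serials(entries):
    """Serial numbers the CA has marked revoked (status flag R)."""
    return {e["serial"] for e in entries if e["status"] == "R"}


if __name__ == "__main__":
    for e in parse_index(SAMPLE_INDEX):
        print(f"{e['serial']:X} {e['status']} {e['subject']} {e['revoked_at']} {e['reason']}")
```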
