Closed kk44 closed 6 years ago
My latest commit adds a CRL mechanism for blacklisting client certs on the server.
Launch the server with an additional parameter: -crl <path_to_json_crl_file>. You can make an empty CRL file with echo "[]" > crl.json.
-crl <path_to_json_crl_file>
echo "[]" > crl.json
To blacklist a cert, run subnet like this:
./subnet -mode blacklist-cert -crl crl.json client.certPEM "Private key accidentally committed to github"
When launched with -crl the server will reload its blacklist from disk every 2 minutes.
-crl
My latest commit adds a CRL mechanism for blacklisting client certs on the server.
Launch the server with an additional parameter:
-crl <path_to_json_crl_file>
. You can make an empty CRL file withecho "[]" > crl.json
.To blacklist a cert, run subnet like this:
When launched with
-crl
the server will reload its blacklist from disk every 2 minutes.