For the adventurous:
I have a CRL responder running at
"crl-service(_at_)bs(_dot_)mit(_dot_)edu(_dot_)" You
can send your CRL to the server by first creating it and putting it in a
file:
TIS/PEM example: catscc -certs -crl -issuer [your-issuer-alias] >/tmp/foo
(substitute the alias you assigned your CA when you initialized pem in
place of the [your-issuer-alias] *don't type the square brackets*).
Send this file to crl-service(_at_)bs(_dot_)mit(_dot_)edu, you will get
back an
automated response.
Now of course a CRL responder isn't much use if you cannot fetch
CRLs! So to do this create a CRL request message.
TIS/PEM example: catscc -crlreq -issuer [alias-of-who-you-want] >/tmp/foo
and send /tmp/foo to crl-service(_at_)bs(_dot_)mit(_dot_)edu(_dot_) You
will get an
automated response which will include the CRL you requested if it is in
the responder's database. Of course TIS/PEM users will first need to
define an alias (use the pemalias program) for the distinquished name of
the CA whose CRl they are interested in.
I have enclosed a sample CRL-REQUEST message which will fetch
MIT's certificate and CRL.
-Jeff
Begin Enclosure:
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,CRL-RETRIEVAL-REQUEST
Issuer: MEoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEuMCwGA1UEChMlTWFzc
2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neQ==
-----END PRIVACY-ENHANCED MESSAGE-----