[Swan] how/where to configure list of 'valid' certs

Marc Marc at f1-outsourcing.eu
Mon Jan 15 15:25:56 EET 2024


Hi John,

I am on el7 and Alpine Linux.

> 
> Personally I keep my certificate generation completely separate from my
> Libreswan installation - I just import new certs and either delete or
> import a CRL as required.
> 

Yes, I would like to have something similar, preferably a stateless container. I have in the Alpine Linux container the root CA of some test certdb on el7. I am accepting everything from this root CA. So I just need to create a cert and I am done.

> >
> 
> I don't think you need to. The tool is for management of existing lists.
> 
> Just delete the certificate from the DB and it is revoked.
> 

I can't do that because the certificates are in an external db on el7; the Alpine Linux container is not aware of this db. I have to specifically tell the Alpine container that it is revoked. I chose this setup because I don't think I will need to revoke before the expiration date. But just in case, I would like to be able to do this quickly.

On Windows there is a command certutil -revoke, but on el7 I do not have this. So I was wondering how certs are put on this CRL in the db.

I probably do not really get the concept here; this certutil is new to me.



