+
+# Examples of CRL generation without the need to use 'ca' to issue
+# certificates.
+# Create zero length index file
+>index.txt
+# Create initial crl number file
+echo 01 >crlnum.txt
+# Add entries for server and client certs
+$OPENSSL ca -valid server.pem -keyfile root.pem -cert root.pem \
+ -config ca.cnf -md sha1
+$OPENSSL ca -valid client.pem -keyfile root.pem -cert root.pem \
+ -config ca.cnf -md sha1
+$OPENSSL ca -valid rev.pem -keyfile root.pem -cert root.pem \
+ -config ca.cnf -md sha1
+# Generate a CRL.
+$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \
+ -md sha1 -crldays 1 -out crl1.pem
+# Revoke a certificate
+openssl ca -revoke rev.pem -crl_reason superseded \
+ -keyfile root.pem -cert root.pem -config ca.cnf -md sha1
+# Generate another CRL
+$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \
+ -md sha1 -crldays 1 -out crl2.pem
+