Revoking Client Certificates and Renewing CRLs
Once you have chosen to create your own CA and issue client
certificates yourself, the moment will come when a client
certificate you have issued must be invalidated (for example,
because it was compromised, or because the client is no longer
granted access). This is handled with a certificate revocation
list (CRL). A CRL is a list of certificates (identified by their
serial numbers) which have been revoked, are no longer valid, and
should not be relied on by any system user.
This list may be empty or may contain some certificate serial
numbers; either way, ClearBox needs it. It can be produced by the
Certificates Wizard:
Specify the password for your CA private key:
To revoke a certificate, select it from the list and click Next.
If the CRL only needs to be renewed, without revoking any
certificate, don't select anything:
Finally, Certificates Wizard will create a new CRL and put it
into the server's folder.
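
The CRL semantics described above (a signed list of serial numbers that may be empty and has to be reissued from time to time), as an added example that is not code from ClearBox or the Certificates Wizard. It uses the third-party Python `cryptography` package and shows a generic relying-party check; the CA name, serial numbers, dates and function names are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2024, 1, 10)  # constructed "current time" (naive UTC)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])

def build_crl(ca_key, revoked_serials, this_update, valid_days=7):
    """Issue a CRL signed with the CA key; revoked_serials may be empty."""
    b = (x509.CertificateRevocationListBuilder()
         .issuer_name(CA_NAME)
         .last_update(this_update)
         .next_update(this_update + dt.timedelta(days=valid_days)))
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder().serial_number(serial)
                 .revocation_date(this_update).build())
        b = b.add_revoked_certificate(entry)
    return b.sign(ca_key, hashes.SHA256())

def check_serial(crl, ca_public_key, serial, now=NOW):
    """Return 'good', 'revoked', or the reason the CRL cannot be trusted."""
    if not crl.is_signature_valid(ca_public_key):
        return "crl-bad-signature"   # not issued by our CA: ignore its contents
    next_update = getattr(crl, "next_update_utc", None) or crl.next_update
    if next_update.replace(tzinfo=None) < now:
        return "crl-expired"         # stale list: renew it before relying on it
    if crl.get_revoked_certificate_by_serial_number(serial) is not None:
        return "revoked"
    return "good"

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())    # throwaway demo CA key
    other_key = ec.generate_private_key(ec.SECP256R1()) # an unrelated key
    pub = ca_key.public_key()
    empty = build_crl(ca_key, [], dt.datetime(2024, 1, 8))          # nothing revoked
    renewed = build_crl(ca_key, [0x1001], dt.datetime(2024, 1, 9))  # 0x1001 revoked
    stale = build_crl(ca_key, [], dt.datetime(2023, 12, 1))         # never renewed
    return {
        "empty_crl": check_serial(empty, pub, 0x1001),
        "after_revocation": check_serial(renewed, pub, 0x1001),
        "other_client": check_serial(renewed, pub, 0x1002),
        "stale_crl": check_serial(stale, pub, 0x1001),
        "wrong_signer": check_serial(renewed, other_key.public_key(), 0x1001),
    }

if __name__ == "__main__":
    print(demo())
```

The stale case is why a CRL is worth renewing even when nothing new has been revoked: once its next-update time has passed, a checker like this one stops treating the list as current.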
© 2001-2007 XPerience Technologies. www.xperiencetech.com