pkiutil issuecrl -createnew

Issues an empty CRL.

pkiutil issuecrl -createnew -cacert <cacert> -caprivkey <caprivkey> -crlfile <crlfile>

For example:

pkiutil issuecrl -createnew -cacert compositeca.pem -caprivkey priv.pem -crlfile composite.crl

See below for a description of each option.

-cacert <cacert>

Select the CA using <cacert>, where <cacert> is the name of a file containing the CA certificate.

Mandatory: Yes.

-caprivkey <caprivkey>

Sign the CRL with the <caprivkey> key, where <caprivkey> is the name of a file containing a CA private key.

Mandatory: Yes.

-crlfile <crlfile>

Save the CRL in a file with the <crlfile> name.

Mandatory: Yes.