DRM Revocation List Manager

Use the Primetime DRM Revocation List Manager command-line tool (AdobeRevocationListManager.jar) to create and manage revocation lists, and to check whether policies have been revoked.

Before you run AdobeRevocationListManager.jar, you must set properties in the Policy Update List Manager and Revocation List Manager Properties section of your configuration file.

NOTE

You can also specify all Revocation List Manager properties from the command line.

Revocation List Manager command-line usage

java -jar AdobeRevocationListManager.jar destfile crlNumber [options]
java -jar AdobeRevocationListManager.jar -d filename

  • destfile specifies the name of the file in which the revocation list properties are saved.
  • crlNumber represents a non-negative version number of the Certificate Revocation List (CRL). You need to increment this number each time the CRL is updated.

Table 5: Command-line Options

Command line option Description
-c configfile

Specifies the name and location of the configuration file.

If you do not specify this option, the DRM Revocation List Manager searches for flashaccesstools.properties in the current working directory.

Note: Options that you specify on the command line take precedence over the options you specify in the configuration file.

-d filename

Displays information about the revocation list.

-e date

(Optional) The expiration date of the revocation list. Use one of the following formats:

  • yyyy-mm-dd
  • yyyy-mm-dd-h24:min:sec
For example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM.

-f filename [certfile]

Adds all entries from the existing revocation list. You can only specify one existing file.

If the existing list was signed with a credential other than the one used to sign the new list, specify that credential's certificate file after the filename so that the signature on the existing list can be verified.

-noprompt

Do not ask if the destination file should be overwritten. If the destination file already exists and -o is not set, an error occurs.

-o

If the destination file already exists, you can overwrite it without being prompted.

-r issuerName serialNumber revocationDate

Revokes the certificate identified by issuerName and serialNumber on the specified date. The issuerName must use the X.509 name format. For example, CN=12345,O=Adobe Systems Incorporated,C=US.

You must specify the serial numbers in a hexadecimal format. You also need to specify the revocation date in one of the following formats:

  • yyyy-mm-dd
  • yyyy-mm-dd-h24:min:sec
For example, 2008-12-1 or 2008-12-1-00:00:00 for midnight on December 1, 2008. If you do not specify the revocation date, the current date is automatically applied.
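
An added example, not part of Adobe's documentation or tooling: a POSIX shell wrapper that validates the inputs for one list update (incremented crlNumber, hexadecimal serial number, date format) before assembling the command line with -f and -r. The function names, the DRY_RUN switch and the file names new.crl and old.crl are assumptions of this example; by default it only prints the arguments.

```shell
#!/bin/sh
# Added example (not Adobe's code): validate the arguments for one CRL update
# and assemble the Revocation List Manager command line described above.
# Function names, DRY_RUN and the sample values are assumptions of this example.

JAR=AdobeRevocationListManager.jar

# Non-negative decimal integer without leading zeros.
is_uint() { case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac; }
# Bare hexadecimal digits (this example's strict reading of "hexadecimal format").
is_hex() { case "$1" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac; }
# yyyy-mm-dd or yyyy-mm-dd-h24:min:sec; one-digit month/day allowed, as in 2008-12-1.
is_date() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}(-[0-9]{2}:[0-9]{2}:[0-9]{2})?$'
}

# next_crl_number PREVIOUS: the crlNumber must be incremented on every update.
next_crl_number() {
    is_uint "$1" || { echo "crlNumber must be a non-negative integer" >&2; return 1; }
    echo $(( $1 + 1 ))
}

# build_revoke_cmd DESTFILE PREV_CRLNUMBER EXISTING_LIST ISSUER SERIAL DATE
# Carries forward the existing list (-f) and adds one revocation (-r).
build_revoke_cmd() {
    dest=$1 prev=$2 old=$3 issuer=$4 serial=$5 rdate=$6
    crl=$(next_crl_number "$prev") || return 1
    is_hex "$serial" || { echo "serialNumber must be hexadecimal" >&2; return 1; }
    is_date "$rdate" || { echo "revocationDate has the wrong format" >&2; return 1; }
    # Positional parameters keep the issuer name (it contains spaces) as one argument.
    set -- java -jar "$JAR" "$dest" "$crl" -f "$old" -r "$issuer" "$serial" "$rdate"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$@"      # one argument per line, nothing is executed
    else
        "$@"
    fi
}

# Constructed sample values; the issuer name is the one used in the -r description.
build_revoke_cmd new.crl 7 old.crl \
    'CN=12345,O=Adobe Systems Incorporated,C=US' 1A2B 2008-12-1
```

Set DRY_RUN=0 to run the assembled command; the signing credentials are still read from the configuration file.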

Configuration properties

You need credentials to sign revocation lists. The following Revocation List Manager properties specify a PKCS12 file that contains the credentials for signing revocation lists (License Server Certificate), along with the password for the certificate:

  • revocation.sign.certfile=license-server-credentials.pfx
  • revocation.sign.certpass=password
