Use the Primetime DRM Revocation List Manager command-line tool ( AdobeRevocationListManager.jar) to create and manage revocation lists, and to check whether policies have been revoked.
Before you run AdobeRevocationListManager.jar, you must set properties in the Policy Update List Manager and Revocation List Manager Properties section of your configuration file.
You can also specify all Revocation List Manager properties from the command line.
java -jar AdobeRevocationListManager.jar
<i class="+ topic ph hi-d="" i "="">
destfile
<i class="+ topic ph hi-d="" i "="">
crlNumber [
<i class="+ topic ph hi-d="" i "="">
options]
java -jar AdobeRevocationListManager.jar -d
<i class="+ topic ph hi-d="" i "="">
filename
</i class="+ topic>
</i class="+ topic>
</i class="+ topic>
</i class="+ topic>
destfile
specifies the name of the file in which the revocation list properties are saved.crlNumber
represents a non-negative version number of the Certificate Revocation List (CRL). You need to increment this number each time the CRL is updated.Table 5: Command-line Options
Command line option | Description |
---|---|
-c configfile | Specifies the name and location of the configuration file. If you do not specify a name or a location, the DRM Revocation List Manager searches for flashaccesstools.properties in the current working directory. Note: Options that you specify on the command line take precedence over the options you specify in the configuration file. Specifies the location of the configuration file. If you do not apply this option, the Revocation List Manager searches for flashaccesstools.properties in the working directory. |
-d filename | Displays information about the revocation list. |
-e date | (Optional) The expiration date of the revocation list. Use one of the following formats:
|
-f filename[certfile] | Adds all entries from the existing revocation list. You can only specify one existing file. If the existing list was signed with a credential other than the one that you have used to sign the new list, you need to specify its certificate file next to verify its signature. |
-noprompt | Do not ask if the destination file should be overwritten. If the destination file already exists and -o is not set, an error occurs. |
-o | If the destination file already exists, you can overwrite it without being prompted. |
-r issuerName serialNumber revocationDate | Revokes the certificate that has been identified by issuerName and serialNumber on the specified date. The issuerName must use the 509 name format. For example, CN=12345,O=Adobe Systems Incorporated,C=US. You must specify the serial numbers in a hexadecimal format. You also need to specify the revocation date in one of the following formats:
|
You need to apply credentials to sign revocation lists. The following Revocation List Manager properties specify a PKCS12 file that includes credentials for signing revocation lists (License Server Certificate), along with the password for the cert:
revocation.sign.certfile=license-server-credentials.pfx
revocation.sign.certpass=password