Revoke User certificate


Hojjat Jashnniloofar
 

Hello,
We are a team worked KYC solution on heyperledger fabric for last 2 years. We register each user and enroll certificate for each user and install keyPairs on user mobiles. In case of lost or theft, we want to revoke user certificate and reenroll them. We find sdk functions for revoke and reenroll but we want to ban old certificates to access the chaincode methods. We can generate ca crl but we don't know where we must place this CRLs or how to enforce peers to check certificate status before submit or evaluate transaction. 

We place this CRL (generated by ca) on peer in this path:
/etc/hyperledger/msp/peer/crls
but still user can submit transaction by revoked certificate.

anyone can help us in this case? 

Best Regards
Hojjat Jashnniloofar

Join fabric@lists.hyperledger.org to automatically receive all group messages.