OK, now we assume that our certificate is compromised. We suppose that you have a certificate with serial number 01. Certificate was valid. You can see this if you see V in /etc/pki/CA/index.txt. We will do revocation with /etc/pki/CA/newcerts/01.pem
If we look in content of index.txt file we will see that it is now R (revoked). Now you need to create a file which will indicate that certificate was revoken.
Now you need to build an up-to-date certificate revocation list.
If you want to make certificate readable by Firefox, you should do next:
You should distribute your certificate-der.crl