How to revoke an openssl certificate when you don’t have the certificate

(Based on Nilesh’s answer) In the default configuration, openssl ca keeps a copy of every certificate it signs in /etc/ssl/newcerts, named after the certificate’s serial number. So grep /etc/ssl/index.txt to find the serial number of the certificate to be revoked, e.g. 1013, then run the following command:

openssl ca -revoke /etc/ssl/newcerts/1013.pem #replacing the serial number

The -keyfile and -cert options mentioned in Nilesh’s answer are only required if the CA key and certificate deviate from your openssl.cnf settings.
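As an added example (not part of the original post), the following POSIX shell helper does the "grep index.txt" step properly: it parses the tab-separated index.txt, returns the serial of the still-valid certificate for a given common name, and builds the matching revoke command. The CA directory and the sample index entries are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Finds the serial of the
# still-valid certificate for a given common name in an openssl ca
# index.txt and builds the matching `openssl ca -revoke` command.
# The CA directory and the sample index entries below are constructed.

# index.txt is tab-separated: status (V valid / R revoked / E expired),
# expiry, revocation date (empty unless R), serial in hex, filename,
# subject DN. newcerts/<serial>.pem uses the same hex serial.
find_valid_serial() {
    # $1 = path to index.txt, $2 = common name to look up
    awk -F'\t' -v cn="$2" '
        $1 == "V" {
            # compare the CN component exactly so that
            # www.example.org does not match www.example.org.evil
            n = split($6, parts, "/")
            for (i = 1; i <= n; i++)
                if (parts[i] == "CN=" cn) print $4
        }' "$1"
}

revoke_cmd() {
    # $1 = CA directory, $2 = hex serial; prints the command to run.
    # -keyfile/-cert are only needed when they differ from openssl.cnf.
    printf 'openssl ca -revoke %s/newcerts/%s.pem\n' "$1" "$2"
}

# Constructed sample index.txt with valid, revoked and look-alike entries.
SAMPLE_INDEX=$(mktemp)
{
    printf 'V\t250101000000Z\t\t1011\tunknown\t/C=DE/O=Example/CN=old.example.org\n'
    printf 'R\t260101000000Z\t240601000000Z\t1012\tunknown\t/C=DE/O=Example/CN=revoked.example.org\n'
    printf 'V\t260101000000Z\t\t1013\tunknown\t/C=DE/O=Example/CN=www.example.org\n'
    printf 'V\t260101000000Z\t\t1014\tunknown\t/C=DE/O=Example/CN=www.example.org.evil\n'
} > "$SAMPLE_INDEX"

# Demo: look up www.example.org and print the command (not executed here).
for serial in $(find_valid_serial "$SAMPLE_INDEX" www.example.org); do
    revoke_cmd /etc/ssl "$serial"
done
# After revoking, regenerate and republish the CRL:
#   openssl ca -gencrl -out /etc/ssl/crl.pem
```

Run it against your real index.txt by passing its path and the CN instead of the constructed sample; entries already marked R are skipped, so a second revoke of the same certificate is not attempted.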


Alternatively, you can change /etc/ssl/index.txt.attr to contain the line

unique_subject = no

to allow multiple certificates with the same common name. If you have already published the original certificate, however, revoking the old one is the preferable solution, even if you don’t run an OCSP server or provide CRLs.
