author | Christian Pointner <equinox@anytun.org> | 2007-06-16 01:08:34 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2007-06-16 01:08:34 +0000 |
commit | bd379231f2d4b22b473fd7f428e518462fb7476a (patch) | |
tree | 7643fa58ffe7123cc08e7784f204efe9f5b5970e /openvpn/easy-rsa/2.0/revoke-full | |
parent | removed openvpn source files (diff) |
added all the openvpn stuff
Diffstat (limited to 'openvpn/easy-rsa/2.0/revoke-full')
-rwxr-xr-x | openvpn/easy-rsa/2.0/revoke-full | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/openvpn/easy-rsa/2.0/revoke-full b/openvpn/easy-rsa/2.0/revoke-full
new file mode 100755
index 0000000..bf3e5fb
--- /dev/null
+++ b/openvpn/easy-rsa/2.0/revoke-full
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+ echo "usage: revoke-full <common-name>";
+ exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR"
+ rm -f "$RT"
+
+ # set defaults
+ export KEY_CN=""
+ export KEY_OU=""
+
+ # revoke key and generate a new CRL
+ $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+ $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+ if [ -e export-ca.crt ]; then
+ cat export-ca.crt "$CRL" >"$RT"
+ else
+ cat ca.crt "$CRL" >"$RT"
+ fi
+
+ # verify the revocation
+ $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi |
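Review bot: None of the steps in the `KEY_DIR` branch check for failure, so a failed `cd "$KEY_DIR"` lets `rm -f "$RT"` and both `$OPENSSL ca` calls run in whatever directory the caller was in. A failed `ca -revoke` likewise still regenerates the CRL and prints a verify result that an operator may read as confirmation. I would stop on error with `cd "$KEY_DIR" || exit 1` and `$OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" || exit 1`, and add `exit 1` to the `else` branch, which currently ends with a successful status when the vars file was not sourced. The final `verify -crl_check` is presumably meant to report the certificate as revoked, so a comment such as `# an error here ("certificate revoked") is the expected outcome` would keep a reader from treating a clean verify as success. The script looks like an import of upstream easy-rsa, so these changes may be better carried as a local patch or reported upstream.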