summaryrefslogtreecommitdiff
path: root/ssltools/easy-rsa/2.0/revoke-full
diff options
context:
space:
mode:
authorOthmar Gsenger <otti@anytun.org>2007-12-03 09:42:38 +0000
committerOthmar Gsenger <otti@anytun.org>2007-12-03 09:42:38 +0000
commit58ff485edbe4bb93ebc922d14df24247846132b6 (patch)
treee98c6412b149024b38550bf7d5dd1ed95e251351 /ssltools/easy-rsa/2.0/revoke-full
parentfixed doxygen bug (diff)
added ssl tools
Diffstat (limited to 'ssltools/easy-rsa/2.0/revoke-full')
-rwxr-xr-xssltools/easy-rsa/2.0/revoke-full39
1 files changed, 39 insertions, 0 deletions
diff --git a/ssltools/easy-rsa/2.0/revoke-full b/ssltools/easy-rsa/2.0/revoke-full
new file mode 100755
index 0000000..bf3e5fb
--- /dev/null
+++ b/ssltools/easy-rsa/2.0/revoke-full
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+ echo "usage: revoke-full <common-name>";
+ exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+ cd "$KEY_DIR"
+ rm -f "$RT"
+
+ # set defaults
+ export KEY_CN=""
+ export KEY_OU=""
+
+ # revoke key and generate a new CRL
+ $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+ $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+ if [ -e export-ca.crt ]; then
+ cat export-ca.crt "$CRL" >"$RT"
+ else
+ cat ca.crt "$CRL" >"$RT"
+ fi
+
+ # verify the revocation
+ $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi