From 58ff485edbe4bb93ebc922d14df24247846132b6 Mon Sep 17 00:00:00 2001
From: Othmar Gsenger <otti@anytun.org>
Date: Mon, 3 Dec 2007 09:42:38 +0000
Subject: added ssl tools

---
 ssltools/easy-rsa/2.0/revoke-full | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100755 ssltools/easy-rsa/2.0/revoke-full

(limited to 'ssltools/easy-rsa/2.0/revoke-full')

diff --git a/ssltools/easy-rsa/2.0/revoke-full b/ssltools/easy-rsa/2.0/revoke-full
new file mode 100755
index 0000000..bf3e5fb
--- /dev/null
+++ b/ssltools/easy-rsa/2.0/revoke-full
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+    echo "usage: revoke-full <common-name>";
+    exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR"
+    rm -f "$RT"
+
+    # set defaults
+    export KEY_CN=""
+    export KEY_OU=""
+
+    # revoke key and generate a new CRL
+    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+    # generate a new CRL -- try to be compatible with
+    # intermediate PKIs
+    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+    if [ -e export-ca.crt ]; then
+	cat export-ca.crt "$CRL" >"$RT"
+    else
+	cat ca.crt "$CRL" >"$RT"
+    fi
+    
+    # verify the revocation
+    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
-- 
cgit v1.2.3