summaryrefslogtreecommitdiff
path: root/openvpn/easy-rsa/revoke-full
blob: 66ea03fa369f5d610f70c45d40586ca6629d30b4 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

#!/bin/sh

# revoke a certificate, regenerate CRL,
# and verify revocation

CRL=crl.pem
RT=revoke-test.pem

if test $# -ne 1; then
        echo "usage: revoke-full <name>";
        exit 1
fi

if test $KEY_DIR; then
       cd $KEY_DIR
       rm -f $RT

       # revoke key and generate a new CRL
       openssl ca -revoke $1.crt -config $KEY_CONFIG

       # generate a new CRL
       openssl ca -gencrl -out $CRL -config $KEY_CONFIG
       cat ca.crt $CRL >$RT
    
       # verify the revocation
       openssl verify -CAfile $RT -crl_check $1.crt
else
       echo you must define KEY_DIR
fi
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 08:22:36 +0000