]>
jfr.im git - vpn-prov.git/blob - easy-rsa/revoke-full
3 # revoke a certificate, regenerate CRL,
4 # and verify revocation
10 echo "usage: revoke-full <cert-name-base>";
14 if [ "$KEY_DIR" ]; then
23 # revoke key and generate a new CRL
24 if [ -f "$1.crt" ]; then
26 elif [ -f "$1.pem" ]; then
29 echo "That certificate doesn't exist ($1.crt or $1.pem)"
32 $OPENSSL ca
-revoke "$crtname" -config "$KEY_CONFIG"
34 # generate a new CRL -- try to be compatible with
36 $OPENSSL ca
-gencrl -out "$CRL" -config "$KEY_CONFIG"
37 if [ -e export-ca.crt
]; then
38 cat export-ca.crt
"$CRL" >"$RT"
40 cat ca.crt
"$CRL" >"$RT"
43 # verify the revocation
44 $OPENSSL verify
-CAfile "$RT" -crl_check "$crtname"
46 echo 'Please source the vars script first (i.e. "source ./vars")'
47 echo 'Make sure you have edited it to reflect your configuration.'