Commit | Line | Data |
---|---|---|
dd71f1b5 JR |
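#!/bin/sh

# revoke a certificate, regenerate CRL,
# and verify revocation
#
# Usage: revoke-full <cert-name-base>
#
# Reads KEY_DIR, KEY_CONFIG and OPENSSL from the environment (presumably
# exported by the "vars" script that the error message points to).
# Works inside $KEY_DIR on <cert-name-base>.crt and rewrites crl.pem and
# revoke-test.pem there.
#
# Exit status: 1 on usage or environment errors and when the CRL cannot be
# regenerated; otherwise the status of the final "openssl verify".
#
# NOTE: revoking here only updates the CA database and the CRL file. A
# service that checks certificates keeps accepting the revoked one until
# it has loaded the regenerated CRL.

CRL="crl.pem"
RT="revoke-test.pem"

if [ $# -ne 1 ]; then
    echo "usage: revoke-full <cert-name-base>" >&2
    exit 1
fi

# "$1.crt" is handed to openssl as an argument; a name starting with "-"
# would be read as an option instead of a file name, so refuse it.
case "$1" in
    -*)
        echo "usage: revoke-full <cert-name-base>" >&2
        exit 1
        ;;
esac

# Without the environment nothing can be revoked. Fail with a non-zero
# status so a caller never mistakes "did nothing" for "revoked".
if [ -z "$KEY_DIR" ] || [ -z "$KEY_CONFIG" ] || [ -z "$OPENSSL" ]; then
    echo 'Please source the vars script first (i.e. "source ./vars")' >&2
    echo 'Make sure you have edited it to reflect your configuration.' >&2
    exit 1
fi

# Stop if the key directory is unreachable: the rm and the openssl calls
# below must never run against whatever directory we happen to be in.
cd "$KEY_DIR" || exit 1
rm -f "$RT"

# set defaults
# (exported empty; presumably referenced from $KEY_CONFIG -- confirm there)
export KEY_CN=""
export KEY_OU=""
export KEY_NAME=""

# revoke key and generate a new CRL
# $OPENSSL is left unquoted, as in the original, so a value that carries
# extra words still splits into command and arguments.
# A failure here is reported but not fatal: the original script also went
# on to rebuild the CRL, which keeps re-runs on the same certificate useful.
if ! $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"; then
    echo "revoke-full: 'openssl ca -revoke' failed for $1.crt; regenerating the CRL anyway" >&2
fi

# generate a new CRL -- try to be compatible with
# intermediate PKIs
# A failed CRL build is fatal: checking against a stale or partial CRL
# would say nothing about whether the revocation is in effect.
if ! $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"; then
    echo "revoke-full: could not regenerate $CRL" >&2
    exit 1
fi

if [ -e export-ca.crt ]; then
    ca_cert="export-ca.crt"
else
    ca_cert="ca.crt"
fi
cat "$ca_cert" "$CRL" >"$RT" || exit 1

# verify the revocation
# The certificate is expected to FAIL this check once it is listed in the
# CRL; an "OK" result means the revocation is not visible and needs
# investigating. The script exits with openssl's status, unchanged.
$OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"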