[z_archive/vpsm.git] / devtemp / certs / revoke-full

#!/bin/sh

# revoke a certificate, regenerate CRL,
# and verify revocation

CRL="crl.pem"
RT="revoke-test.pem"

if [ $# -ne 1 ]; then
    echo "usage: revoke-full <cert-name-base>";
    exit 1
fi

if [ "$KEY_DIR" ]; then
    cd "$KEY_DIR"
    rm -f "$RT"

    # set defaults
    export KEY_CN=""
    export KEY_OU=""
    export KEY_NAME=""

    # revoke key and generate a new CRL
    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"

    # generate a new CRL -- try to be compatible with
    # intermediate PKIs
    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
    if [ -e export-ca.crt ]; then
	cat export-ca.crt "$CRL" >"$RT"
    else
	cat ca.crt "$CRL" >"$RT"
    fi
    
    # verify the revocation
    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi
Commit	Line	Data
dd71f1b5 JR	1	#!/bin/sh
	2
	3	# revoke a certificate, regenerate CRL,
	4	# and verify revocation
	5
	6	CRL="crl.pem"
	7	RT="revoke-test.pem"
	8
	9	if [ $# -ne 1 ]; then
	10	echo "usage: revoke-full <cert-name-base>";
	11	exit 1
	12	fi
	13
	14	if [ "$KEY_DIR" ]; then
	15	cd "$KEY_DIR"
	16	rm -f "$RT"
	17
	18	# set defaults
	19	export KEY_CN=""
	20	export KEY_OU=""
	21	export KEY_NAME=""
	22
	23	# revoke key and generate a new CRL
	24	$OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
	25
	26	# generate a new CRL -- try to be compatible with
	27	# intermediate PKIs
	28	$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
	29	if [ -e export-ca.crt ]; then
	30	cat export-ca.crt "$CRL" >"$RT"
	31	else
	32	cat ca.crt "$CRL" >"$RT"
	33	fi
	34
	35	# verify the revocation
	36	$OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
	37	else
	38	echo 'Please source the vars script first (i.e. "source ./vars")'
	39	echo 'Make sure you have edited it to reflect your configuration.'
	40	fi