authorJoe Rayhawk <jrayhawk@omgwallhack.org>2011-03-27 19:52:49 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2011-03-27 19:52:49 -0700
commit478e1993e0760ad83668243111be155b3e9e7050 (patch)
tree46d356b1a306d5333dd530115e57b61bcb3ab803 /revoke.sh
Initial content; missing some mailcert.sh support
Diffstat (limited to 'revoke.sh')
-rwxr-xr-xrevoke.sh37
1 files changed, 37 insertions, 0 deletions
diff --git a/revoke.sh b/revoke.sh
new file mode 100755
index 0000000..8e45ab7
--- /dev/null
+++ b/revoke.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# requires bash regexes
+
+SUPPLEMENTARY_CONFIG="$2"
+
+set -e
+
+. ./configure.sh
+
+if [ $2 ]; then
+ export CA=$2
+fi
+
+if [ -e "$1" ]; then # check by filename
+ CERT="$1"
+elif [ -e "$CA"/signed/"$1".crt ]; then # check by certificate name
+ CERT="$CA"/signed/"$1".crt
+elif [ -e "$CA"/certs/"$1".pem ]; then # check by serial
+ CERT="$CA"/certs/"$1".pem
+else
+ echo "Please provide a certificate file, name, or serial to revoke as an argument."
+ echo "$0 [certfile|certname|serial] (configfile)"
+ exit 2
+fi
+
+# Gen signed key
+echo Adding revocation to index...
+openssl ca -config "$OPENSSL_CONFIG" -revoke "$CERT"
+echo Building and signing CRL...
+openssl ca -config "$OPENSSL_CONFIG" -gencrl -out "$CA"/ca/"$CA".crl
+echo
+openssl crl -in "$CA"/ca/"$CA".crl -text -noout
+echo
+echo Apache: SSLCARevocationFile "$PWD"/"$CA"/ca/"$CA".crl
+echo nginx: ssl_crl "$PWD"/"$CA"/ca/"$CA".crl
+echo Lighttpd: sucks to be you!
+
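Review bot: The `if [ $2 ]` test and `export CA=$2` use the second argument unquoted, so a value containing whitespace or one that looks like a test operator makes `[` fail or mis-evaluate; `if [ -n "$2" ]; then export CA="$2"; fi` is the safe form. The same argument is also stored in SUPPLEMENTARY_CONFIG and described as `(configfile)` in the usage text, and CA is overridden only after `. ./configure.sh` has run. If configure.sh derives OPENSSL_CONFIG from CA (not visible in this hunk), the revocation could be recorded in one CA's index while the CRL is written under another's path, so a comment stating which meaning `$2` carries is worth adding. Separately, `-gencrl -out` writes straight to the published path `"$CA"/ca/"$CA".crl`; generating into a temporary file in the same directory and `mv`-ing it into place would keep Apache or nginx from loading a partial CRL if signing fails after the index has already been updated.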