Diffstat (limited to 'revoke.sh')
-rwxr-xr-x | revoke.sh | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/revoke.sh b/revoke.sh
new file mode 100755
index 0000000..8e45ab7
--- /dev/null
+++ b/revoke.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# requires bash regexes
+
+SUPPLEMENTARY_CONFIG="$2"
+
+set -e
+
+. ./configure.sh
+
+if [ $2 ]; then
+ export CA=$2
+fi
+
+if [ -e "$1" ]; then # check by filename
+ CERT="$1"
+elif [ -e "$CA"/signed/"$1".crt ]; then # check by certificate name
+ CERT="$CA"/signed/"$1".crt
+elif [ -e "$CA"/certs/"$1".pem ]; then # check by serial
+ CERT="$CA"/certs/"$1".pem
+else
+ echo "Please provide a certificate file, name, or serial to revoke as an argument."
+ echo "$0 [certfile|certname|serial] (configfile)"
+ exit 2
+fi
+
+# Gen signed key
+echo Adding revocation to index...
+openssl ca -config "$OPENSSL_CONFIG" -revoke "$CERT"
+echo Building and signing CRL...
+openssl ca -config "$OPENSSL_CONFIG" -gencrl -out "$CA"/ca/"$CA".crl
+echo
+openssl crl -in "$CA"/ca/"$CA".crl -text -noout
+echo
+echo Apache: SSLCARevocationFile "$PWD"/"$CA"/ca/"$CA".crl
+echo nginx: ssl_crl "$PWD"/"$CA"/ca/"$CA".crl
+echo Lighttpd: sucks to be you!
+ |
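Review bot: The second argument is used for two unrelated things: it is saved as `SUPPLEMENTARY_CONFIG` before `configure.sh` is sourced and then exported as `CA`, while the usage text calls it `(configfile)`. If it really is a config path, the lookups under `"$CA"/signed` and the CRL path `"$CA"/ca/"$CA".crl` would point at the wrong place; configure.sh is not visible here, so this needs confirming. The test `[ $2 ]` is also unquoted and misbehaves on a value with spaces or one that looks like a test operator; `if [ -n "$2" ]; then export CA="$2"; fi` is safer. Because `[ -e "$1" ]` is tried first, a file or directory in the working directory that shares a certificate name or serial wins silently, so printing what was resolved before the index is modified, e.g. `openssl x509 -in "$CERT" -noout -subject -serial`, lets the operator catch a wrong match. The comments `# requires bash regexes` and `# Gen signed key` do not match what the script does and could be replaced by a short description of the revoke-then-regenerate-CRL flow.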