From 478e1993e0760ad83668243111be155b3e9e7050 Mon Sep 17 00:00:00 2001
From: Joe Rayhawk
Date: Sun, 27 Mar 2011 19:52:49 -0700
Subject: Initial content; missing some mailcert.sh support
---
revoke.sh | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100755 revoke.sh
(limited to 'revoke.sh')
diff --git a/revoke.sh b/revoke.sh
new file mode 100755
index 0000000..8e45ab7
--- /dev/null
+++ b/revoke.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# requires bash regexes
+
+SUPPLEMENTARY_CONFIG="$2"
+
+set -e
+
+. ./configure.sh
+
+if [ $2 ]; then
+ export CA=$2
+fi
+
+if [ -e "$1" ]; then # check by filename
+ CERT="$1"
+elif [ -e "$CA"/signed/"$1".crt ]; then # check by certificate name
+ CERT="$CA"/signed/"$1".crt
+elif [ -e "$CA"/certs/"$1".pem ]; then # check by serial
+ CERT="$CA"/certs/"$1".pem
+else
+ echo "Please provide a certificate file, name, or serial to revoke as an argument."
+ echo "$0 [certfile|certname|serial] (configfile)"
+ exit 2
+fi
+
+# Gen signed key
+echo Adding revocation to index...
+openssl ca -config "$OPENSSL_CONFIG" -revoke "$CERT"
+echo Building and signing CRL...
+openssl ca -config "$OPENSSL_CONFIG" -gencrl -out "$CA"/ca/"$CA".crl
+echo
+openssl crl -in "$CA"/ca/"$CA".crl -text -noout
+echo
+echo Apache: SSLCARevocationFile "$PWD"/"$CA"/ca/"$CA".crl
+echo nginx: ssl_crl "$PWD"/"$CA"/ca/"$CA".crl
+echo Lighttpd: sucks to be you!
+
-- cgit v1.2.3
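Review bot: The test `if [ $2 ]; then` and the assignment `export CA=$2` leave the second argument unquoted, so a value containing spaces or one that looks like a test operator makes `[` fail with a syntax error or test something other than "argument present"; `if [ -n "$2" ]; then` with `export CA="$2"` is the safe form. The same argument is also stored as `SUPPLEMENTARY_CONFIG` before `configure.sh` is sourced, and the usage text calls it `(configfile)`, so overriding `CA` with it looks unintended and should be confirmed against configure.sh, which is not visible here. Because the target is resolved in the order file path, certificate name, serial, a file in the working directory that happens to be named like a certificate or serial is matched first; printing what was selected before the `-revoke` call, for example `openssl x509 -noout -subject -serial -in "$CERT"`, would let the operator catch a wrong match before it is written to the index.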