#!/bin/bash
# requires bash regexes
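# Revoke a certificate issued by the local CA, then rebuild and sign the CRL.
#
# Usage: $0 [certfile|certname|serial] (configfile)
#   $1 - certificate to revoke: an existing file path, a name under
#        $CA/signed/<name>.crt, or a serial under $CA/certs/<serial>.pem
#   $2 - optional; stored in SUPPLEMENTARY_CONFIG before configure.sh is
#        sourced and, when non-empty, exported as CA afterwards
#
# ./configure.sh and ./post-revoke are resolved relative to the current
# directory, so the script must be started from the directory holding them.
# NOTE(review): CA and OPENSSL_CONFIG are presumably set by configure.sh,
# which is not visible here -- confirm.
SUPPLEMENTARY_CONFIG="$2"
set -e
. ./configure.sh
if [ -n "$2" ]; then
  export CA="$2"
fi

# Resolve the argument to a certificate file: literal path first, then
# certificate name, then serial number.
if [ -e "$1" ]; then # check by filename
  CERT="$1"
elif [ -e "$CA/signed/$1.crt" ]; then # check by certificate name
  CERT="$CA/signed/$1.crt"
elif [ -e "$CA/certs/$1.pem" ]; then # check by serial
  CERT="$CA/certs/$1.pem"
else
  echo "Please provide a certificate file, name, or serial to revoke as an argument." >&2
  echo "$0 [certfile|certname|serial] (configfile)" >&2
  exit 2
fi

# With CA or OPENSSL_CONFIG empty the commands below would operate on paths
# such as "/ca/.key"; stop before asking for the CA passphrase.
: "${CA:?CA is not set (check configure.sh)}"
: "${OPENSSL_CONFIG:?OPENSSL_CONFIG is not set (check configure.sh)}"

CRL="$CA/ca/$CA.crl"

# Prompt without echoing the passphrase. -r and an empty IFS keep backslashes
# and leading/trailing whitespace in the passphrase intact. The prompt and the
# read are separate commands: a trailing backslash on the prompt line would
# join the two lines and the passphrase would never be read.
printf 'Enter the passphrase for %s: ' "$CA/ca/$CA.key"
IFS= read -r -s PASS
echo
# env:PASS keeps the passphrase off the openssl command line (argv is visible
# in process listings); it is still present in the environment of the openssl
# child processes while they run.
export PASS

echo Adding revocation to index...
openssl ca -config "$OPENSSL_CONFIG" -passin env:PASS -revoke "$CERT"
echo Building and signing CRL...
openssl ca -config "$OPENSSL_CONFIG" -passin env:PASS -gencrl -out "$CRL"
echo
openssl crl -in "$CRL" -text -noout
echo

# Drop the passphrase entirely before anything else is executed, so the
# post-revoke hook neither inherits it nor finds it in this shell.
unset PASS

if [ -x ./post-revoke ]; then
  ./post-revoke "$CRL" "$CERT"
else
  # No hook installed: print the directive each server needs to load the CRL.
  echo Apache: SSLCARevocationFile "$PWD"/"$CRL"
  echo nginx: ssl_crl "$PWD"/"$CRL"
  echo Lighttpd: sucks to be you!
fi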