From 1d94fee6827e1e4b29a73993d42ad5cfb3da8c36 Mon Sep 17 00:00:00 2001
From: Li Chen
Date: Sat, 30 Nov 2013 16:32:17 +0100
Subject: [PATCH] CA.sh: add revocation
---
 misc/CA.sh | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/misc/CA.sh b/misc/CA.sh
index 2a224d23..45911707 100755
--- a/misc/CA.sh
+++ b/misc/CA.sh
@@ -25,7 +25,7 @@ END_BOLD=""
 usage()
 {
- echo "Usage: $0 (-newca|-newserver|-newclient NAME)"
+ echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)"
 exit 1
 }
@@ -39,7 +39,7 @@ clean()
 mkdir -p ${TOP_DIR}/private
 mkdir -p ${TOP_DIR}/pkcs
 elif [ "$1" = "client" ]; then
- rm -rf ${2}.key ${2}.csr ${2}.crt
+ rm -rf ${2}.key ${2}.csr
 fi
 rm -rf $OUTPUT
 }
@@ -173,17 +173,35 @@ case $1 in
 -passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \
 -passout pass:$pass > $OUTPUT 2>&1
 if [ $? -ne 0 ]; then
- echo -e "${RED}pkcs12 export failed${COLOR_RST} for ${BOLD}$2${END_BOLD}"
+ echo -e "${RED}pkcs12 export failed for ${BOLD}$2${END_BOLD}${COLOR_RST}"
 cat $OUTPUT
 clean "client" $2
 exit 4
 else
 echo -e "Exported pkcs12 file is ${2}.p12"
 fi
+ mv ${2}.crt ${TOP_DIR}/certs
 # TODO handle this file
 echo "$2:$pass" >> teams.pass
 clean "client" $2
 ;;
+ "-revoke" )
+ if [ $# -ne 2 ]; then
+ echo "Usage: $0 -revoke NAME"
+ exit 1
+ fi
+ echo -e "${GREEN}Revocate ${BOLD}${2}${END_BOLD}${COLOR_RST}"
+ openssl ca -revoke ${TOP_DIR}/certs/${2}.crt -config ${OPENSSL_CONF}\
+ -keyfile ${TOP_DIR}/private/${CAKEY} \
+ -cert ${TOP_DIR}/${CACERT} > $OUTPUT 2>&1
+ if [ $? -ne 0 ]; then
+ echo -e "${RED}Revocation failed for ${BOLD}${2}${END_BOLD}${COLOR_RST}"
+ cat $OUTPUT
+ exit 4
+ fi
+ rm ${TOP_DIR}/certs/${2}.crt
+ rm ${TOP_DIR}/pkcs/${2}.p12
+ ;;
 * )
 usage
 ;;
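Review bot: `${2}` is expanded unquoted in the new `rm -rf ${2}.key ${2}.csr` line of clean(), so a NAME containing whitespace or glob characters makes `rm -rf` act on paths other than the intended key and CSR. The same unquoted, unvalidated NAME builds the paths given to `mv`, `openssl ca -revoke` and the two `rm` calls in the -revoke hunk below. Quote the expansions, e.g. `rm -rf -- "${2}.key" "${2}.csr"`, and reject unsuitable names once before the dispatch, e.g. `case "$2" in */*|-*|"") usage ;; esac`. clean() starts before this hunk, so any validation it already relies on is not visible here.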
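Review bot: The new "-revoke" branch records the revocation in the CA database via `openssl ca -revoke`, but nothing visible in the hunk regenerates a CRL, so verifiers that consult a CRL file would keep accepting the certificate until one is produced some other way. If this script is the only interface to the CA, follow a successful revoke with `openssl ca -gencrl -config ${OPENSSL_CONF} -keyfile ${TOP_DIR}/private/${CAKEY} -cert ${TOP_DIR}/${CACERT} -out <CRL_PATH>` (the output path is a placeholder) and check `$?` as the revoke step does. The `NAME:pass` line appended to teams.pass in the branch above is also left behind after revocation, and the two trailing `rm` calls are unchecked; `rm -f --` with quoted paths would avoid a spurious error when the .p12 is already gone. The message text "Revocate" should read "Revoking". The enclosing case statement starts and ends outside the hunk.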