Can revoke server certificate

2014-11-20 17:32:46 +01:00 · 2014-11-20 17:32:46 +01:00 · 716e1e7ccd
commit 716e1e7ccd
parent 099fdf4db1
1 changed files with 20 additions and 0 deletions
--- a/misc/CA.sh
+++ b/misc/CA.sh
@ -146,6 +146,26 @@ case $1 in
            echo $ECHO_OPTS "${GREEN}Signed certificate is in server.crt${COLOR_RST}"
        fi
        ;;
+
+    "-revokeserver" )
+        echo $ECHO_OPTS "${GREEN}Revocate server certificate${COLOR_RST}"
+        if ! [ -f ${TOP_DIR}/private/${CAKEY} ]; then
+            echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
+            exit 2
+        fi
+        openssl ca -revoke server.crt -config ${OPENSSL_CONF}\
+                   -keyfile ${TOP_DIR}/private/${CAKEY}                     \
+                   -cert ${TOP_DIR}/${CACERT} > $OUTPUT 2>&1
+        if [ $? -ne 0 ]; then
+            echo $ECHO_OPTS "${RED}Server certificate revocation failed${COLOR_RST}"
+            cat $OUTPUT
+            exit 4
+        fi
+        rm ${TOP_DIR}/server.crt ${TOP_DIR}/server.key
+
+	gen_crl
+        ;;
+
    "-newclient" )
        if [ $# -ne 2 ]; then
            echo "Usage: $0 -newclient NAME"