Add gencrl into CA.sh

nemunaire 2013-12-11 18:11:32 +01:00
parent c9cc7b36a9
commit 9109c3e3e0
2 changed files with 30 additions and 8 deletions


@ -25,7 +25,7 @@ END_BOLD="</b>"
usage()
{
echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)"
echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME|-gencrl)"
exit 1
}
@ -38,8 +38,9 @@ clean()
mkdir -p ${TOP_DIR}/newcerts
mkdir -p ${TOP_DIR}/private
mkdir -p ${TOP_DIR}/pkcs
echo "01" > ${TOP_DIR}/crlnumber
elif [ "$1" = "client" ]; then
rm -rf ${2}.key ${2}.csr
rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr
fi
rm -rf $OUTPUT
}
@ -151,7 +152,7 @@ case $1 in
pass=`pwgen -n -B -y 12 1`
openssl req -batch -new -keyout ${2}.key -out ${2}.csr \
openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
cat $OUTPUT
@ -160,8 +161,8 @@ case $1 in
fi
echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
openssl ca -batch -policy policy_match -out ${2}.crt \
-config ${OPENSSL_CONF} -infiles ${2}.csr > $OUTPUT 2>&1
openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
-config ${OPENSSL_CONF} -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
cat $OUTPUT
@ -169,7 +170,7 @@ case $1 in
exit 3
fi
echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
openssl pkcs12 -export -inkey ${2}.key -in ${2}.crt -name ${2} \
openssl pkcs12 -export -inkey ${TOP_DIR}/${2}.key -in ${TOP_DIR}/${2}.crt -name ${2} \
-passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \
-passout pass:$pass > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
@ -180,8 +181,9 @@ case $1 in
else
echo -e "Exported pkcs12 file is ${2}.p12"
fi
mv ${2}.crt ${TOP_DIR}/certs
mv ${TOP_DIR}/${2}.crt ${TOP_DIR}/certs
echo "$2:$pass" >> ${TOP_DIR}/../teams.pass
echo "$pass"
clean "client" $2
;;
"-revoke" )
@ -200,7 +202,25 @@ case $1 in
fi
rm ${TOP_DIR}/certs/${2}.crt
rm ${TOP_DIR}/pkcs/${2}.p12
echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
echo -e "${RED}Generate crl.pem failed"
cat $OUTPUT
exit 5
fi
;;
"-gencrl" )
echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
echo -e "${RED}Generate crl.pem failed"
cat $OUTPUT
exit 5
fi
;;
* )
usage
;;
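Review bot: The client name `$2` is expanded unquoted into every path these hunks rewrite, including `rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr` in clean(), so a name containing whitespace, a glob character or a path separator would make rm, openssl and mv act on files other than the intended ones. The PHP section of this commit passes `$name` to new_client(), which presumably invokes this script, so the value may come from a web form. Quote each expansion, e.g. `rm -rf -- "${TOP_DIR}/${2}.key" "${TOP_DIR}/${2}.csr"`, and reject names outside a fixed character set before the arms use them, e.g. `case $2 in *[!A-Za-z0-9_-]*) usage ;; esac`. Separately, the new `-gencrl` arm repeats the block appended to `-revoke` line for line, and both failure messages omit `${COLOR_RST}`; a shared function would keep them in sync. The `case` statement and clean() both extend beyond the visible hunks.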


@ -80,8 +80,10 @@ if (!empty($p[2]))
//TODO check revoked attribute
if (isset($name))
{
new_client($name, $misc_dir);
$output = new_client($name, $misc_dir);
Team::set_revoked(FALSE, $name);
erreur($output, "sucess");
return "admin/import_users";
}
}
elseif ($p[2] == "get")
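Review bot: `Team::set_revoked(FALSE, $name);` and `erreur($output, "sucess");` run unconditionally after `new_client()`, so a failed certificate generation would still clear the team's revoked flag and be reported as a success. new_client() is not visible here, so whether it can signal failure is an assumption; if it can, test the result before clearing the flag, and resolve the `//TODO check revoked attribute` at the same point. `$output` presumably carries what CA.sh prints, which includes the generated client password, so it should be HTML-escaped before display and kept out of any logs erreur() writes. `"sucess"` looks like a misspelling of "success"; if erreur() treats it as a message type, confirm the value it expects. The enclosing if/elseif chain starts and ends outside this hunk.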