Add gencrl into CA.sh
parent
c9cc7b36a9
commit
9109c3e3e0
34
misc/CA.sh
34
misc/CA.sh
@ -25,7 +25,7 @@ END_BOLD="</b>"
|
||||
|
||||
usage()
|
||||
{
|
||||
echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)"
|
||||
echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME|-gencrl)"
|
||||
exit 1
|
||||
}
|
||||
|
||||
@ -38,8 +38,9 @@ clean()
|
||||
mkdir -p ${TOP_DIR}/newcerts
|
||||
mkdir -p ${TOP_DIR}/private
|
||||
mkdir -p ${TOP_DIR}/pkcs
|
||||
echo "01" > ${TOP_DIR}/crlnumber
|
||||
elif [ "$1" = "client" ]; then
|
||||
rm -rf ${2}.key ${2}.csr
|
||||
rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr
|
||||
fi
|
||||
rm -rf $OUTPUT
|
||||
}
|
||||
@ -151,7 +152,7 @@ case $1 in
|
||||
|
||||
pass=`pwgen -n -B -y 12 1`
|
||||
|
||||
openssl req -batch -new -keyout ${2}.key -out ${2}.csr \
|
||||
openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
|
||||
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
cat $OUTPUT
|
||||
@ -160,8 +161,8 @@ case $1 in
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
|
||||
openssl ca -batch -policy policy_match -out ${2}.crt \
|
||||
-config ${OPENSSL_CONF} -infiles ${2}.csr > $OUTPUT 2>&1
|
||||
openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
|
||||
-config ${OPENSSL_CONF} -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
|
||||
cat $OUTPUT
|
||||
@ -169,7 +170,7 @@ case $1 in
|
||||
exit 3
|
||||
fi
|
||||
echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
|
||||
openssl pkcs12 -export -inkey ${2}.key -in ${2}.crt -name ${2} \
|
||||
openssl pkcs12 -export -inkey ${TOP_DIR}/${2}.key -in ${TOP_DIR}/${2}.crt -name ${2} \
|
||||
-passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \
|
||||
-passout pass:$pass > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
@ -180,8 +181,9 @@ case $1 in
|
||||
else
|
||||
echo -e "Exported pkcs12 file is ${2}.p12"
|
||||
fi
|
||||
mv ${2}.crt ${TOP_DIR}/certs
|
||||
mv ${TOP_DIR}/${2}.crt ${TOP_DIR}/certs
|
||||
echo "$2:$pass" >> ${TOP_DIR}/../teams.pass
|
||||
echo "$pass"
|
||||
clean "client" $2
|
||||
;;
|
||||
"-revoke" )
|
||||
@ -200,6 +202,24 @@ case $1 in
|
||||
fi
|
||||
rm ${TOP_DIR}/certs/${2}.crt
|
||||
rm ${TOP_DIR}/pkcs/${2}.p12
|
||||
|
||||
echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
|
||||
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -e "${RED}Generate crl.pem failed"
|
||||
cat $OUTPUT
|
||||
exit 5
|
||||
fi
|
||||
|
||||
;;
|
||||
"-gencrl" )
|
||||
echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
|
||||
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -e "${RED}Generate crl.pem failed"
|
||||
cat $OUTPUT
|
||||
exit 5
|
||||
fi
|
||||
;;
|
||||
* )
|
||||
usage
|
||||
|
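Review bot: The new `rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr` in clean(), and the `openssl req`/`ca`/`pkcs12` and `mv` lines that now use `${TOP_DIR}/${2}`, expand the client NAME unquoted, so a name containing whitespace, glob characters or `../` makes these commands act on paths other than the intended key and CSR. NAME appears to arrive from the web admin page (`new_client($name, $misc_dir)`), so I would validate it once before the `case` (adjust the allowed set to whatever team names permit), e.g. `case "$2" in ''|*[!A-Za-z0-9_-]*) usage ;; esac`, and quote the expansions: `rm -f -- "${TOP_DIR:?}/${2}.key" "${TOP_DIR:?}/${2}.csr"`. The CRL block is duplicated verbatim in `-revoke` and `-gencrl`, and its failure message `${RED}Generate crl.pem failed` never emits `${COLOR_RST}`; a small `gencrl()` function called from both branches would fix both. The touched `openssl req` and `pkcs12` lines also still pass the generated passphrase as `pass:$pass` on the command line, where it is readable from the process list; `-passout env:VAR` or `file:` avoids that. The `case` body and clean() start and end outside these hunks.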
@ -80,8 +80,10 @@ if (!empty($p[2]))
|
||||
//TODO check revoked attribute
|
||||
if (isset($name))
|
||||
{
|
||||
new_client($name, $misc_dir);
|
||||
$output = new_client($name, $misc_dir);
|
||||
Team::set_revoked(FALSE, $name);
|
||||
erreur($output, "sucess");
|
||||
return "admin/import_users";
|
||||
}
|
||||
}
|
||||
elseif ($p[2] == "get")
|
||||
|
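Review bot: The added `erreur($output, "sucess")` runs whether or not the CA script succeeded, because the value returned by `new_client()` is displayed but never checked, so a failed key or signing step is still reported as success and `Team::set_revoked(FALSE, $name)` still clears the revoked flag. If `$output` is the script's stdout, it also carries the generated client passphrase (CA.sh ends that branch with `echo "$pass"`) and, on failure, raw openssl output, so it should be HTML-escaped before display and kept out of any logged copy of the page. I would have `new_client()` return the exit status alongside the output and only call `set_revoked` and report success when it is zero. `"sucess"` looks like a typo for `"success"` unless `erreur()` really expects that key. The enclosing `if` block begins above this hunk.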