3
# revoke a certificate, regenerate CRL,
4
# and verify revocation
10
echo "usage: revoke-full <cert-name-base>";
14
if [ "$KEY_DIR" ]; then
23
# revoke key and generate a new CRL
24
$OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
26
# generate a new CRL -- try to be compatible with
28
$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
29
if [ -e export-ca.crt ]; then
30
cat export-ca.crt "$CRL" >"$RT"
32
cat ca.crt "$CRL" >"$RT"
35
# verify the revocation
36
$OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
38
echo 'Please source the vars script first (i.e. "source ./vars")'
39
echo 'Make sure you have edited it to reflect your configuration.'