revoke client cert
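#!/bin/bash

#######################################
# Print the expected command-line arguments and abort the script.
# Arguments: none (reads $0 for the script name)
# Outputs:   usage line on stderr, so it is not mixed into captured stdout
# Returns:   does not return; exits with status 1
#######################################
usage() {
  printf '%s [CA section name] [username]\n' "$0" >&2
  exit 1
}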
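# Exactly two arguments are required: the CA section name and the username.
if (( $# != 2 )); then
  usage
fi

CA_NAME="$1"
USERNAME="$2"

# Both values become path components under /etc/ssl. Reject anything that
# is empty, could step outside the CA's directory tree ("/", ".", ".."),
# or could be read as an option by openssl (leading "-").
for name in "$CA_NAME" "$USERNAME"; do
  case "$name" in
    '' | . | .. | */* | -*)
      printf 'error: invalid name: %s\n' "$name" >&2
      exit 1
      ;;
  esac
done

SSL_DIR="/etc/ssl"
SSL_PRIVATE_DIR="$SSL_DIR/${CA_NAME}/private"
SSL_CERTS_DIR="$SSL_DIR/${CA_NAME}/certs"
USERS_DIR="${SSL_CERTS_DIR}/users"
USER_CERT="${USERS_DIR}/${USERNAME}.crt"

# CRL validity in days. The default stays at 1095 (about three years).
# A relying party that caches a CRL until it expires may not fetch a newer
# one for that long, so later revocations can go unnoticed; a much shorter
# value combined with scheduled regeneration is the safer setup.
CRL_DAYS="${CRL_DAYS:-1095}"
case "$CRL_DAYS" in
  '' | *[!0-9]*)
    printf 'error: CRL_DAYS must be a whole number of days: %s\n' "$CRL_DAYS" >&2
    exit 1
    ;;
esac

# Any failed step must end in a non-zero exit status. Otherwise the exit
# status of the CRL step alone would report success for a certificate that
# was never revoked.
status=0

# Revoke a particular user's certificate.
if [[ ! -f "$USER_CERT" ]]; then
  printf 'error: no certificate found at %s\n' "$USER_CERT" >&2
  status=1
elif ! openssl ca -name "$CA_NAME" -revoke "$USER_CERT" \
  -keyfile "$SSL_PRIVATE_DIR/ca.key" -cert "$SSL_CERTS_DIR/ca.crt"; then
  printf 'error: revocation of %s failed\n' "$USER_CERT" >&2
  status=1
fi

# Regenerate the Certificate Revocation List so it includes revoked user
# certificates. Revocation only takes effect once the services that verify
# client certificates have loaded this new CRL.
# NOTE(review): the CRL is public data but is written next to ca.key.
# Publish a copy for relying services rather than loosening the permissions
# of the private directory.
if ! openssl ca -name "$CA_NAME" -gencrl \
  -keyfile "$SSL_PRIVATE_DIR/ca.key" -cert "$SSL_CERTS_DIR/ca.crt" \
  -out "$SSL_PRIVATE_DIR/ca.crl" -crldays "$CRL_DAYS"; then
  printf 'error: CRL generation failed\n' >&2
  status=1
fi

exit "$status"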