Skip to content

Instantly share code, notes, and snippets.

@rynop rynop/revoke_user.sh
Created Nov 26, 2012

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
revoke client cert
Raw
revoke_user.sh
#!/bin/bash
function usage () {
echo "$0 [CA section name] [username]"
exit 1
}
if [ $# -ne 2 ]
then
usage
fi
CA_NAME="$1"
USERNAME="$2"
SSL_DIR="/etc/ssl"
SSL_PRIVATE_DIR="$SSL_DIR/${CA_NAME}/private"
SSL_CERTS_DIR="$SSL_DIR/${CA_NAME}/certs"
USERS_DIR="${SSL_CERTS_DIR}/users"
# Revoke a particular user's certificate.
openssl ca -name ${CA_NAME} -revoke ${USERS_DIR}/${USERNAME}.crt -keyfile $SSL_PRIVATE_DIR/ca.key -cert $SSL_CERTS_DIR/ca.crt
# Update the Certificate Revocation list for removing 'user certificates.'
openssl ca -name ${CA_NAME} -gencrl -keyfile $SSL_PRIVATE_DIR/ca.key -cert $SSL_CERTS_DIR/ca.crt -out $SSL_PRIVATE_DIR/ca.crl -crldays 1095
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.