3 # revoke a certificate, regenerate CRL,
4 # and verify revocation
10 echo "usage: revoke-full <cert-name-base>";
14 if [ "$KEY_DIR" ]; then
23 # revoke key and generate a new CRL
24 $OPENSSL ca
-revoke "$1.crt" -config "$KEY_CONFIG"
26 # generate a new CRL -- try to be compatible with
28 $OPENSSL ca
-gencrl -out "$CRL" -config "$KEY_CONFIG"
29 if [ -e export-ca.crt
]; then
30 cat export-ca.crt
"$CRL" >"$RT"
32 cat ca.crt
"$CRL" >"$RT"
35 # verify the revocation
36 $OPENSSL verify
-CAfile "$RT" -crl_check "$1.crt"
38 echo 'Please source the vars script first (i.e. "source ./vars")'
39 echo 'Make sure you have edited it to reflect your configuration.'