|
@@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
|
|
|
NOTOK=1
|
|
|
else
|
|
|
if [ ! -f $CAPREFIX-ca.cacert ] ; then
|
|
|
- echo No CA certficate file $PREFIX-ca.caert
|
|
|
+ echo No CA certficate file $CAPREFIX-ca.caert
|
|
|
NOTOK=1
|
|
|
fi
|
|
|
if [ ! -f $CAPREFIX-ca.key ] ; then
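Review bot: The corrected `echo` line still names a file the test does not check: the condition looks for `$CAPREFIX-ca.cacert`, but the message prints `$CAPREFIX-ca.caert` and also misspells "certficate". Someone debugging a missing CA certificate would be sent looking for the wrong filename. I would change the line to `echo "No CA certificate file $CAPREFIX-ca.cacert" >&2`, which also quotes the expansion and sends the diagnostic to stderr. The enclosing if/else starts and ends outside this hunk.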
|
|
@@ -74,7 +74,6 @@ fi
|
|
|
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
|
|
|
$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
|
|
|
echo pseudo secrets generated
|
|
|
-read
|
|
|
|
|
|
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
|
|
|
|
|
@@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
|
|
|
echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
|
|
|
|
|
|
$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
|
|
|
-
|
|
|
- read
|
|
|
fi
|
|
|
|
|
|
echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
|
|
|
$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
|
|
|
|
|
|
+# revoke server cert
|
|
|
+touch $CAPREFIX-ca.db
|
|
|
+echo 01 > $CAPREFIX-ca.cnt
|
|
|
+echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
|
|
|
+$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt
|
|
|
+
|
|
|
+# issue CRL
|
|
|
+echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
|
|
|
+$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl
|
|
|
+
|
|
|
echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
|
|
|
$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
|
|
|
-read
|
|
|
|
|
|
# all together now
|
|
|
touch $PREFIX-sv.dhp
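Review bot: The added revoke/CRL block ignores the exit status of `$OPENSSL ca ... -revoke`, so if revocation fails the following `-gencrl` still writes a CRL that does not list the certificate, and the script carries on as if it did. I would stop on failure, e.g. `$OPENSSL ca -config "$CAPREFIX-ca.cnf" -revoke "$PREFIX-sv.crt" || exit 1`. Separately, `echo 01 > $CAPREFIX-ca.cnt` overwrites the counter file on every run; if the CA config (not shown here) uses it as the serial or CRL number file, numbers will repeat across runs, so consider `[ -f "$CAPREFIX-ca.cnt" ] || echo 01 > "$CAPREFIX-ca.cnt"`. The revocation is also unconditional, so every server certificate this script issues ends up revoked. If that is meant only for producing CRL test fixtures, a comment saying so, or a switch like the existing `P12` one, would keep the script from being reused to issue working certificates.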
|