Stefan Reimer
3e0ec5fcb0
All checks were successful
ZeroDownTime/zdt-openvpn/pipeline/head This commit looks good
38 lines
684 B
Bash
Executable File
38 lines
684 B
Bash
Executable File
#!/bin/bash
|
|
|
|
#
|
|
# Revoke a client certificate
|
|
#
|
|
|
|
if [ "$DEBUG" == "1" ]; then
|
|
set -x
|
|
fi
|
|
|
|
set -e
|
|
|
|
if [ -z "$OPENVPN" ]; then
|
|
export OPENVPN="$PWD"
|
|
fi
|
|
if [ -z "$EASYRSA_PKI" ]; then
|
|
export EASYRSA_PKI="$OPENVPN/pki"
|
|
fi
|
|
|
|
cn="$1"
|
|
|
|
if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
|
|
echo "Unable to find \"${cn}\"" >&2
|
|
exit 1
|
|
fi
|
|
|
|
export EASYRSA_BATCH="True"
|
|
|
|
easyrsa revoke "$cn"
|
|
echo "Revoked $cn"
|
|
|
|
echo "Updating crl.pem"
|
|
easyrsa gen-crl
|
|
|
|
rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req
|
|
# do not delete OTP to allow reuse after re-issued cert, left overs OTP data wont hurt anyone
|
|
# rm -f $OPENVPN/otp/$cn.google_authenticator
|