zdt-openvpn/bin/ovpn_revokeclient

36 lines
582 B
Bash
Executable File

#!/bin/bash
#
# Revoke a client certificate
#
if [ "$DEBUG" == "1" ]; then
set -x
fi
set -e
if [ -z "$OPENVPN" ]; then
export OPENVPN="$PWD"
fi
if [ -z "$EASYRSA_PKI" ]; then
export EASYRSA_PKI="$OPENVPN/pki"
fi
cn="$1"
if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
echo "Unable to find \"${cn}\"" >&2
exit 1
fi
export EASYRSA_BATCH="True"
easyrsa revoke "$cn"
echo "Revoked $cn"
echo "Updating crl.pem"
easyrsa gen-crl
rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req $OPENVPN/otp/$cn.google_authenticator