
Re: [Openvpn-users] Certificate Revocation Issue


  • Subject: Re: [Openvpn-users] Certificate Revocation Issue
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Tue, 05 Feb 2008 17:07:04 +0000

Hi Aidan

Aidan Anderson wrote:
> Erich Titl wrote:
>>
>> Aidan Anderson wrote:
>>> Hi List,
>>>
...

> Thanks for the reply Erich, I appreciate that common sense should 
> prevail when using this type of tool.
> 
> As many people will be using it to create keys, I have created a small 
> wrapper for revoke-full to avoid the situation ever arising.  I've added 
> the relevant part of the script below in case anyone finds it useful.
> 
> regards,
> Aidan
> 
> 
> Set $key_dir and $rsa_dir to match your key and rsa directories.
> 
> 
> 
>       ## Validate the supplied common name.
>       ## If the common name doesn't exist then add it.
>       ## If the common name exists and is active then don't add it.
>       ## If the common name exists but has been previously revoked, ask
>       ## the user to make the decision.
>       #
>       cd "$key_dir" || exit 1
>       add_common_name="no"
>       ## Take the state flag (first character) of the newest index.txt entry
>       ## whose CN component is exactly $common_name, so that one name cannot
>       ## match another that merely begins with it.
>       cert_state=$(awk -F'\t' -v cn="CN=$common_name" '
>         { n = split($NF, dn, "/")
>           for (i = 1; i <= n; i++) if (dn[i] == cn) s = substr($1, 1, 1) }
>         END { print s }' index.txt)
>       if [ -z "$cert_state" ]; then
>         add_common_name="yes"
>       else
>         if [ "$cert_state" = "R" ]; then
>           echo; echo -n "This common name was previously revoked, are you sure you want to use it again? [y/n]:"
>           read yorn
>           if [ -n "$yorn" ]; then
>             if [ "$yorn" = "y" ]; then
>               add_common_name="yes"
>             else
>               message="Aborting, common name not added."
>             fi
>           else
>             message="Aborting, common name not added."
>           fi
>         else
>           message="Aborting, this common name cannot be added because it is currently active."
>         fi
>       fi
> 
>       ## Create certificate if validated to do so.
>       #
>       if [ "$add_common_name" = "yes" ]; then
>         cd "$rsa_dir" || exit 1
>         . ./vars
>         ./build-key "$common_name"
>       else
>         echo; echo "$message"; echo
>       fi
> 
> 

You might want to build a patch for this :-)
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users