Re: [Openvpn-users] Certificate Revocation Issue


  • Subject: Re: [Openvpn-users] Certificate Revocation Issue
  • From: Aidan Anderson <mail@xxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 05 Feb 2008 17:12:51 +0000


Erich Titl wrote:
> Hi Aidan
>
> Aidan Anderson wrote:
>> Erich Titl wrote:
>>>
>>> Aidan Anderson wrote:
>>>> Hi List,
>>>>
> ...
>
>> Thanks for the reply Erich, I appreciate that common sense should 
>> prevail when using this type of tool.
>>
>> As many people will be using it to create keys, I have created a 
>> small wrapper for revoke-full to avoid the situation ever arising.  
>> I've added the relevant part of the script below in case anyone finds 
>> it useful
>>
>> regards,
>> Aidan
>>
>>
>> Set $key_dir and $rsa_dir to match your key and rsa directories
>>
>>
>>
>>       ## Validate the supplied common name.
>>       ## If the common name doesn't exist then add it.
>>       ## If the common name exists and is active then don't add it.
>>       ## If the common name exists but has been previously revoked, ask the user to make the decision.
>>       #
>>       ## Stop if the key directory is missing; otherwise the lookup below finds nothing and the name is added.
>>       cd "$key_dir" || exit 1
>>       add_common_name="no"
>>       ## First character of the newest index.txt entry for this CN (V = valid, R = revoked).
>>       ## The CN must be followed by "/" or end of line so that "bob" does not also match "bobby".
>>       cert_state=$(grep -E "/CN=${common_name}(/|\$)" index.txt | tail -n1 | cut -c1)
>>       if [ -z "$cert_state" ]; then
>>         add_common_name="yes"
>>       else
>>         if [ "$cert_state" = "R" ]; then
>>           echo; echo -n "This common name was previously revoked, are you sure you want to use it again? [y/n]:"
>>           read -r yorn
>>           if [ -n "$yorn" ]; then
>>             if [ "$yorn" = "y" ]; then
>>               add_common_name="yes"
>>             else
>>               message="Aborting, common name not added."
>>             fi
>>           else
>>             message="Aborting, common name not added."
>>           fi
>>         else
>>           message="Aborting, this common name cannot be added because it is currently active."
>>         fi
>>       fi
>>
>>       ## Create certificate if validated to do so.
>>       #
>>       if [ "$add_common_name" = "yes" ]; then
>>         cd "$rsa_dir" || exit 1
>>         . ./vars
>>         ./build-key "$common_name"
>>       else
>>         echo; echo "$message"; echo
>>       fi
>>
>>
>
> You might want to build a patch for this :-)
>
> Erich
I've never built a patch for anything in my life, not really a 
programmer, just a script dabbler.  If you or anyone else wants to, feel 
free :)

Aidan
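
The lookup the wrapper above depends on, as an added example that is not part of the original message or of easy-rsa: it reads index.txt by field, compares the CN as a plain string, and refuses when the index cannot be read. The function names `cn_state`, `issue_decision` and `sample_index` are hypothetical, the sample entries are constructed, and the layout assumed is OpenSSL's tab-separated index.txt with the subject DN in the sixth field.

```shell
#!/bin/sh
# cn_state INDEX_FILE COMMON_NAME
# Prints the status letter of the newest entry whose CN is exactly COMMON_NAME
# (V = valid, R = revoked, E = expired), "none" if absent, "error" if unreadable.
cn_state() {
    [ -r "$1" ] || { echo error; return 1; }
    WANT_CN="$2" awk -F'\t' '
        {   # field 1 = status letter, field 6 = subject DN (/C=../O=../CN=name/...)
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == ("CN=" ENVIRON["WANT_CN"])) state = $1  # string compare, no regex
        }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# issue_decision INDEX_FILE COMMON_NAME -> prints issue | confirm | refuse
issue_decision() {
    case "$(cn_state "$1" "$2")" in
        none) echo issue ;;     # name never used
        R)    echo confirm ;;   # previously revoked: ask the operator first
        *)    echo refuse ;;    # active, expired, or unreadable index: fail closed
    esac
}

# Constructed sample data (not from the thread); fields are tab-separated.
sample_index() {
    d=/C=GB/O=Example
    printf 'V\t180205171251Z\t\t01\tunknown\t%s/CN=alice\n' "$d"
    printf 'R\t180205171251Z\t080205171251Z\t02\tunknown\t%s/CN=bob/emailAddress=b@example.invalid\n' "$d"
    printf 'V\t180205171251Z\t\t03\tunknown\t%s/CN=bobby\n' "$d"
}

idx=$(mktemp) && sample_index > "$idx"
for name in alice bob bobb a.ice; do
    echo "$name: $(issue_decision "$idx" "$name")"
done
rm -f "$idx"
```

A substring match on `CN=bob` would pick up the later `bobby` entry and report the revoked name as active; the per-field comparison keeps the two apart.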
