diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
| commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
| tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /testing/hosts/winnetou/etc/openssl/generate-crl | |
| parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
| download | vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip | |
New upstream version 5.5.1
Diffstat (limited to 'testing/hosts/winnetou/etc/openssl/generate-crl')
| -rwxr-xr-x | testing/hosts/winnetou/etc/openssl/generate-crl | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index fd75ed0f3..1a375e051 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -31,6 +31,12 @@ cp index.html ${ROOT} # revoke moon's current CERT pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl cp strongswan_moon_revoked.crl ${ROOT} +# generate a base CRL +pki --signcrl --lastcrl strongswan.crl --cacert strongswanCert.der --cakey strongswanKey.pem --lifetime 30 --crluri http://crl.strongswan.org/strongswan_delta.crl --digest sha256 > strongswan_base.crl +cp strongswan_base.crl ${ROOT} +# generate a delta CRL revoking moon's current cert +pki --signcrl --basecrl strongswan_base.crl --reason key-compromise --cert newcerts/2B.pem --cacert strongswanCert.der --cakey strongswanKey.pem --lifetime 10 --digest sha256 > strongswan_delta.crl +cp strongswan_delta.crl ${ROOT} cd /etc/openssl/research openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem openssl crl -in crl.pem -outform der -out research.crl @@ -54,3 +60,6 @@ cp strongswan_rfc3779.crl ${ROOT} cd /etc/openssl/bliss pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha3_512 > strongswan_bliss.crl cp strongswan_bliss.crl ${ROOT} +cd /etc/openssl/sha3-rsa +pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --digest sha3_256 > strongswan-sha3-rsa.crl +cp strongswan-sha3-rsa.crl ${ROOT} |