#! /bin/sh
# generate a certificate revocation list (CRL) for the strongswan CA.
#
# Copyright (C) 2004  Andreas Steffen
# Zuercher Hochschule Winterthur
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: generate-crl,v 1.2 2005/03/24 11:19:38 as Exp $

export COMMON_NAME=strongSwan

cd /etc/openssl
openssl ca -gencrl -crldays 30 -config /etc/openssl/openssl.cnf -out crl.pem
openssl crl -in crl.pem -outform der -out strongswan.crl
cp strongswan.crl     /var/www/localhost/htdocs/
cp strongswanCert.pem /var/www/localhost/htdocs/
cp index.html         /var/www/localhost/htdocs/
cd /etc/openssl/research
openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
openssl crl -in crl.pem -outform der -out research.crl
cp research.crl       /var/www/localhost/htdocs/
cd /etc/openssl/sales
openssl ca -gencrl -crldays 15 -config /etc/openssl/sales/openssl.cnf -out crl.pem
openssl crl -in crl.pem -outform der -out sales.crl
cp sales.crl         /var/www/localhost/htdocs/