Allows for easier testing of the revocation functionality.
Signed-off-by: Steffan Karger <stef...@karger.me>
---
sample/sample-keys/gen-sample-keys.sh | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/sample/sample-keys/gen-sample-keys.sh
b/sample/sample-keys/gen-sample-keys.sh
index 725cfc9..301cff2 100755
--- a/sample/sample-keys/gen-sample-keys.sh
+++ b/sample/sample-keys/gen-sample-keys.sh
@@ -52,6 +52,14 @@ openssl pkcs12 -export -nodes -password pass:password \
-out sample-ca/client.p12 -inkey sample-ca/client.key \
-in sample-ca/client.crt -certfile sample-ca/ca.crt
+# Create a client cert, revoke it, generate CRL
+openssl req -new -nodes -config openssl.cnf \
+ -keyout sample-ca/client-revoked.key -out sample-ca/client-revoked.csr \
+ -subj
"/C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain"
+openssl ca -batch -config openssl.cnf \
+ -out sample-ca/client-revoked.crt -in sample-ca/client-revoked.csr
+openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt
+openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl
# Create EC server and client cert (signed by 'regular' RSA CA)
openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
@@ -76,3 +84,4 @@ openssl dhparam -out dh2048.pem 2048
cp sample-ca/*.key .
cp sample-ca/*.crt .
cp sample-ca/*.p12 .
+cp sample-ca/*.crl .
--
2.7.4
------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
