sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-12-15 00:00:26 -05:00
Code Issues Projects Releases Wiki Activity

testing: Generate a CRL that has moon's actual certificate revoked

Browse Source
This commit is contained in:
Tobias Brunner 2015-10-27 17:42:15 +01:00
parent e41adf5f05
commit d163aa5eaf
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
testing/hosts/winnetou/etc/openssl/generate-crl
View File

@ -24,6 +24,9 @@ openssl crl -in crl.pem -outform der -out strongswan.crl
cp strongswan.crl ${ROOT}
cp strongswanCert.pem ${ROOT}
cp index.html ${ROOT}
# revoke moon's current CERT
pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl
cp strongswan_moon_revoked.crl ${ROOT}
cd /etc/openssl/research
openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
openssl crl -in crl.pem -outform der -out research.crl