diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2015-10-27 17:42:15 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-03-10 11:07:15 +0100 |
| commit | d163aa5eaf265ae7fc69fe0689ad82ea1149b410 (patch) | |
| tree | 451ffe4ad63dd748a677f36b39fe7a620bcec25e | |
| parent | e41adf5f05a35bf6a2f8cd1d5a566f8f1fb6a25b (diff) | |
| download | strongswan-d163aa5eaf265ae7fc69fe0689ad82ea1149b410.tar.bz2 strongswan-d163aa5eaf265ae7fc69fe0689ad82ea1149b410.tar.xz | |
testing: Generate a CRL that has moon's actual certificate revoked
| -rwxr-xr-x | testing/hosts/winnetou/etc/openssl/generate-crl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index 842c3a1b2..de3c13dcf 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -24,6 +24,9 @@ openssl crl -in crl.pem -outform der -out strongswan.crl cp strongswan.crl ${ROOT} cp strongswanCert.pem ${ROOT} cp index.html ${ROOT} +# revoke moon's current CERT +pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl +cp strongswan_moon_revoked.crl ${ROOT} cd /etc/openssl/research openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem openssl crl -in crl.pem -outform der -out research.crl |