#!/bin/sh

# revoke a certificate, regenerate CRL,
# and verify revocation

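# Output file names, both created inside $KEY_DIR.
CRL=crl.pem
RT=revoke-test.pem

# CRL lifetime in days (sets the CRL's nextUpdate field). The default keeps
# the historical 10-year value. NOTE(review): with a lifetime this long, a
# verifier that still holds an older copy of the CRL will keep treating it
# as current, so a revocation only takes effect once the regenerated CRL
# has been copied to every verifier. Set CRL_DAYS to a shorter period if
# the CRL is re-issued and distributed on a schedule.
CRL_DAYS=${CRL_DAYS:-3650}

if test $# -ne 1; then
        echo "usage: revoke-full <name>" >&2
        exit 1
fi

# Reject an empty name and a name starting with '-': the latter would be
# parsed by "openssl verify" as an option instead of a certificate file.
name=$1
case "$name" in
        ''|-*)
                echo "usage: revoke-full <name>" >&2
                exit 1
                ;;
esac

case "$CRL_DAYS" in
        ''|*[!0-9]*)
                echo "CRL_DAYS must be a whole number of days" >&2
                exit 1
                ;;
esac

# Fail with a non-zero status when the environment is incomplete, so a
# calling script cannot mistake "nothing was revoked" for success.
if test -z "${KEY_DIR:-}"; then
        echo you must define KEY_DIR >&2
        exit 1
fi
if test -z "${KEY_CONFIG:-}"; then
        echo you must define KEY_CONFIG >&2
        exit 1
fi

# Without this check a failed cd would run rm and openssl in whatever
# directory the caller happened to be in.
cd -- "$KEY_DIR" || exit 1
rm -f "$RT"

# Revoke the certificate in the CA database. A failure here is reported but
# not fatal (for example the certificate may already be revoked); the
# verification step below decides whether the script succeeded.
if ! openssl ca -revoke "$name.crt" -config "$KEY_CONFIG"; then
        echo "warning: openssl ca -revoke failed for $name.crt" >&2
fi

# Generate a new CRL from the CA database.
if ! openssl ca -gencrl -crldays "$CRL_DAYS" -out "$CRL" -config "$KEY_CONFIG"; then
        echo "error: could not generate $CRL" >&2
        exit 1
fi

# Bundle the CA certificate and the CRL so "openssl verify" can check both.
if ! cat ca.crt "$CRL" >"$RT"; then
        echo "error: could not write $RT" >&2
        exit 1
fi

# Verify the revocation. The expected result is a verification *error*
# saying the certificate is revoked; anything else means the new CRL does
# not cover this certificate.
echo verify the revocation
echo following error is good...
verify_out=$(openssl verify -CAfile "$RT" -crl_check "$name.crt" 2>&1)
printf '%s\n' "$verify_out"
if ! printf '%s\n' "$verify_out" | grep -q "certificate revoked"; then
        echo "error: $name.crt is NOT reported as revoked by $CRL" >&2
        exit 1
fi

ls -ahl "$RT"

# Reminder of the follow-up steps: the new CRL still has to be copied to the
# servers that check it, and they have to be restarted to load it.
echo . crlView.sh
echo . 07-revoke-copy-crl
echo r /etc/init.d/apache2 stop \; r /etc/init.d/apache2 start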

