testing: Generate a CRL that has moon's actual certificate revoked
authorTobias Brunner <tobias@strongswan.org>
Tue, 27 Oct 2015 16:42:15 +0000 (17:42 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 10 Mar 2016 10:07:15 +0000 (11:07 +0100)
testing/hosts/winnetou/etc/openssl/generate-crl

index 842c3a1..de3c13d 100755 (executable)
@@ -24,6 +24,9 @@ openssl crl -in crl.pem -outform der -out strongswan.crl
 cp strongswan.crl     ${ROOT}
 cp strongswanCert.pem ${ROOT}
 cp index.html         ${ROOT}
+# revoke moon's current CERT
+pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl
+cp strongswan_moon_revoked.crl ${ROOT}
 cd /etc/openssl/research
 openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out research.crl