Netgate Discussion Forum
    Making OpenVPN key creation easier until we get a GUI

    • running

      Can anyone help? If not on the command line, can I do it in Windows using the revoke-full.bat?

      Thank you!

      • nosborne

        Updated - I had the syntax wrong, and didn't include my changes to vars. This should be complete now.
        ------------------
        I've got this working now, using a revoke-full script and some changes to the vars file. Steps to revoke are: run 'source ./vars' first, then ./revoke-full username, then post the new keys/crl.pem file to the configuration through the GUI.

        Here is the script:

        #!/bin/sh

        # revoke a certificate, regenerate CRL,
        # and verify revocation

        CRL="crl.pem"
        RT="revoke-test.pem"

        if [ $# -ne 1 ]; then
            echo "usage: revoke-full <common-name>"
            exit 1
        fi

        # KEY_DIR, KEY_CONFIG and OPENSSL come from the sourced vars file
        if [ "$KEY_DIR" ]; then
            cd "$KEY_DIR"
            rm -f "$RT"

            # set defaults
            export KEY_CN=""
            export KEY_OU=""

            # revoke key and generate a new CRL
            $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"

            # generate a new CRL -- try to be compatible with
            # intermediate PKIs
            $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
            if [ -e export-ca.crt ]; then
                cat export-ca.crt "$CRL" >"$RT"
            else
                cat ca.crt "$CRL" >"$RT"
            fi

            # verify the revocation: with the CA cert and the fresh CRL
            # bundled together, the revoked cert must now fail verification
            $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
        else
            echo 'Please source the vars script first (i.e. "source ./vars")'
            echo 'Make sure you have edited it to reflect your configuration.'
        fi


        And the changes to vars:

        
        .
        .
        # Changes to allow for revoke-full option
        setenv KEY_OU "$KEY_ORG"
        setenv KEY_CN "my.servername.com"  # This should match the servername in your server cert
        setenv PKCS11_MODULE_PATH "$PKCS11TOOL"
        setenv PKCS11_PIN "dummy"
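
        As an added example (not code from the post above or from easy-rsa), the script below builds a throwaway CA in a temporary directory, issues a client certificate for a made-up user "alice", revokes it, and runs the same openssl verify -crl_check step that revoke-full relies on, once before and once after the revocation. The CA name, file names and the minimal ca.cnf are assumptions for the demo; it needs only a POSIX shell and openssl.

```shell
#!/bin/sh
# Added example, not from the forum post or easy-rsa: build a throwaway CA in a
# temp dir, issue a client cert, revoke it, and check it against CA + CRL the
# way revoke-full does (openssl verify -crl_check). All names are made up.
set -eu
WORK=$(mktemp -d); cd "$WORK"; CNF=ca.cnf
cat > "$CNF" <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
EOF
touch index.txt; echo 01 > serial   # empty CA database and first serial
# check_cert <cert>: prints "valid" or "revoked" using the CA cert plus the
# current CRL, bundled into revoke-test.pem exactly as revoke-full does
check_cert() {
    cat ca.crt crl.pem > revoke-test.pem
    if openssl verify -CAfile revoke-test.pem -crl_check "$1" >/dev/null 2>&1
    then echo valid; else echo revoked; fi
}
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Example CA" -days 365 -config "$CNF" >/dev/null 2>&1
openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
    -subj "/CN=alice" -config "$CNF" >/dev/null 2>&1
openssl ca -batch -in alice.csr -out alice.crt -config "$CNF" >/dev/null 2>&1
openssl ca -gencrl -out crl.pem -config "$CNF" >/dev/null 2>&1   # empty CRL
BEFORE=$(check_cert alice.crt)                                   # valid
openssl ca -revoke alice.crt -config "$CNF" >/dev/null 2>&1      # revoke alice
openssl ca -gencrl -out crl.pem -config "$CNF" >/dev/null 2>&1   # new CRL
AFTER=$(check_cert alice.crt)                                    # revoked
echo "before revocation: $BEFORE, after: $AFTER"
```

        Uploading only a new crl.pem without regenerating it after each revoke would leave the client in the "valid" state above, which is why the GUI step in the post has to follow the -gencrl step every time.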
        
        