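# Function to revoke a certificate
#
# Reads the serial of the certificate at $CertificatePath and refuses to proceed
# unless it equals $SerialNumber, so that a mismatched path/serial pair cannot
# revoke an unintended certificate. Only then is "openssl ca -revoke" run against
# the CA database under $MINICA_PATH.
#
# Parameters:
#   CertificatePath - path of the PEM certificate to revoke
#   SerialNumber    - expected serial in hex (case-insensitive, as printed by
#                     "openssl x509 -serial")
#   CrlReason       - CRL reason code recorded for the revocation
#                     (default "unspecified", same as before this parameter existed)
# Globals: $MINICA_PATH (read) - CA directory holding index.txt and openssl.cnf
# Outputs: progress messages via Write-Host; failures via Write-Error, after
#          which the function returns without revoking anything
function Revoke-Certificate {
    param (
        [string]$CertificatePath,
        [string]$SerialNumber,
        [ValidateSet("unspecified", "keyCompromise", "CACompromise",
                     "affiliationChanged", "superseded", "cessationOfOperation",
                     "certificateHold", "removeFromCRL")]
        [string]$CrlReason = "unspecified"
    )
    
    # -LiteralPath: a file name containing "[", "]" or "*" must not be expanded as a wildcard
    if (-not (Test-Path -LiteralPath $CertificatePath)) {
        Write-Error "The certificate to revoke does not exist: $CertificatePath"
        return
    }
    
    # Check if the CA is initialized
    if (-not (Test-Path -LiteralPath "$MINICA_PATH\index.txt")) {
        Write-Error "The CA is not initialized. Run -create-ca first."
        return
    }
    
    # Get the certificate's serial number. The output lines are joined into one
    # string because -match only fills $matches for a scalar left operand.
    $serialOutput = (openssl x509 -in $CertificatePath -noout -serial) -join "`n"
    # Native commands do not throw: check $LASTEXITCODE as well as the output shape.
    if ($LASTEXITCODE -ne 0 -or -not ($serialOutput -match "serial=(.+)")) {
        Write-Error "Could not read certificate serial number"
        return
    }
    $certSerial = $matches[1].Trim().ToLower()
    $serialHex = $SerialNumber.Trim().ToLower()
    
    # Check if the serial number matches
    if ($certSerial -ne $serialHex) {
        Write-Error "Certificate serial number ($certSerial) does not match the provided serial ($serialHex)"
        return
    }
    
    # BigInteger rather than [Convert]::ToInt32: X.509 serials may be up to 20
    # bytes, far beyond 32 bits, and ToInt32 throws (or goes negative) on them.
    # The leading "0" keeps a serial with its top bit set from parsing as negative.
    try {
        $serialDecimal = [System.Numerics.BigInteger]::Parse(
            "0$certSerial", [System.Globalization.NumberStyles]::AllowHexSpecifier)
        Write-Host "Serial number verified: $certSerial (decimal: $serialDecimal)"
    } catch {
        # Non-hex serial text: the match above already succeeded, so just skip the decimal form
        Write-Host "Serial number verified: $certSerial"
    }
    
    # Execute the revocation command using the main configuration file
    openssl ca -config "$MINICA_PATH\openssl.cnf" -revoke $CertificatePath -crl_reason $CrlReason
    # A failed revocation (bad CA key password, locked index, already revoked, ...)
    # must not be reported as success, so the exit status is checked explicitly.
    if ($LASTEXITCODE -ne 0) {
        Write-Error "openssl ca -revoke failed (exit code $LASTEXITCODE) for: $CertificatePath"
        return
    }
    
    Write-Host "Certificate successfully revoked: $CertificatePath"
    Write-Host "To generate a new CRL, run: mini-pki -gencrl"
}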