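# Function to revoke a certificate
function Revoke-Certificate {
    <#
    .SYNOPSIS
        Revokes a certificate in the mini-pki CA database after confirming its serial number.
    .DESCRIPTION
        Reads the serial number from the certificate file with `openssl x509`, compares it
        with the serial supplied by the operator, and only then runs `openssl ca -revoke`
        against the CA configuration under $MINICA_PATH. Success is reported only when
        openssl exits with code 0, so a failed revocation is never announced as done.
    .PARAMETER CertificatePath
        Path to the certificate file to revoke.
    .PARAMETER SerialNumber
        Expected serial number in hexadecimal, as printed by `openssl x509 -serial`.
        Acts as a confirmation so that the wrong file is not revoked by mistake.
    .NOTES
        Relies on $MINICA_PATH being defined by the surrounding script.
    #>
    param (
        [string]$CertificatePath,
        [string]$SerialNumber
    )

    # Check if the certificate exists. -LiteralPath keeps characters such as '[' in a
    # file name from being treated as wildcards; -PathType Leaf rejects directories.
    if (-not (Test-Path -LiteralPath $CertificatePath -PathType Leaf)) {
        Write-Error "The certificate to revoke does not exist: $CertificatePath"
        return
    }

    # Check if the CA is initialized
    if (-not (Test-Path "$MINICA_PATH\index.txt")) {
        Write-Error "The CA is not initialized. Run -create-ca first."
        return
    }

    # Get the certificate's serial number and verify it matches the provided one.
    # A non-zero exit code means openssl could not parse the file as a certificate.
    $serialOutput = openssl x509 -in $CertificatePath -noout -serial
    $serialText = ($serialOutput | Out-String).Trim()
    if ($LASTEXITCODE -ne 0 -or $serialText -notmatch 'serial=([0-9A-Fa-f]+)') {
        Write-Error "Could not read certificate serial number"
        return
    }

    $certSerial = $Matches[1].ToLower()
    $serialHex = $SerialNumber.Trim().ToLower()

    # Check if the serial number matches
    if ($certSerial -ne $serialHex) {
        Write-Error "Certificate serial number ($certSerial) does not match the provided serial ($serialHex)"
        return
    }

    # Serial numbers may be up to 20 octets long, far beyond Int32. Parse as BigInteger;
    # the leading "0" keeps a serial whose top bit is set from being read as negative.
    $serialDecimal = [bigint]::Parse("0$certSerial", [System.Globalization.NumberStyles]::HexNumber)
    Write-Host "Serial number verified: $certSerial (decimal: $serialDecimal)"

    # Execute the revocation command using the main configuration file.
    # The reason code is always recorded as "unspecified".
    openssl ca -config "$MINICA_PATH\openssl.cnf" -revoke $CertificatePath -crl_reason "unspecified"
    if ($LASTEXITCODE -ne 0) {
        # Do not claim success: the CA database was not updated.
        Write-Error "openssl ca -revoke failed (exit code $LASTEXITCODE); the certificate was NOT revoked: $CertificatePath"
        return
    }

    Write-Host "Certificate successfully revoked: $CertificatePath"
    # Relying parties only learn about the revocation once a fresh CRL is published.
    Write-Host "To generate a new CRL, run: mini-pki -gencrl"
}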