openvpn revoke and unrevoke

https://superuser.com/questions/1244807/openvpn-server-disable-and-reenable-clients

[root@iZbp1fna7ky0qz2jbj7gfpZ 2.0]# pwd
/usr/local/openvpn-2.3.17/easy-rsa/2.0

source vars

[root@iZbp1fna7ky0qz2jbj7gfpZ 2.0]# /usr/local/openvpn-2.3.17/easy-rsa/2.0/revoke-full /usr/local/openvpn-2.3.17/easy-rsa/2.0/keys/cert_37
Using configuration from /usr/local/openvpn-2.3.17/easy-rsa/2.0/openssl-1.0.0.cnf
ERROR:Already revoked, serial number 2A

想恢复

cat /usr/local/openvpn-2.3.17/easy-rsa/2.0/keys/index.txt

将R改V,同时注意tab

source vars
openssl ca -gencrl -out "keys/crl.pem" -config "$KEY_CONFIG"

revoke.sh:

#!/bin/bash

keys_index_file=/usr/share/easy-rsa/keys/index.txt
fileline="$(grep "/CN=$1/" $keys_index_file)"
columns_number="$(echo $fileline | awk -F' ' '{print NF;}')"

if [[ $columns_number -eq 5 ]] && [[ $fileline == V* ]]; then

    source /usr/share/easy-rsa/vars 
    /usr/share/easy-rsa/revoke-full $1

    {
        sleep 3
        echo kill $1
        sleep 3
        echo exit
    } | telnet localhost 7505

    echo "Client certificate revoked successfully."
    exit 0;

elif [[ $columns_number -eq 6 ]] && [[ $fileline == R* ]]; then

    echo "Client certificate is already revoked."
    exit 0;

else

    echo "Error; key index file may be corrupted."
    exit 1;
fi

unrevoke.sh:

#!/bin/bash

keys_index_file=/usr/share/easy-rsa/keys/index.txt
linenumber="$(grep -n "/CN=$1/" $keys_index_file | cut -f1 -d:)"
fileline="$(grep -n "/CN=$1/" $keys_index_file)"
line="$(grep "/CN=$1/" $keys_index_file)"

columns_number="$(echo $line | awk -F' ' '{print NF;}')"
echo $columns_number

if [[ $columns_number -eq 6 ]] && [[ $line == R* ]]; then

    column2="$(echo $fileline | awk '{print $2}')"
    column4="$(echo $fileline | awk '{print $4}')"
    column5="$(echo $fileline | awk '{print $5}')"
    column6="$(echo $fileline | awk '{print $6}')"
    echo -e "V\t$column2\t\t$column4\t$column5\t$column6" >> $keys_index_file
    sed -i "${linenumber}d" $keys_index_file
    cd /usr/share/easy-rsa; source ./vars; openssl ca -gencrl -out "keys/crl.pem" -config "$KEY_CONFIG"

    echo "Certificate unrevoked successfully."
    exit 0;

elif [[ $columns_number -eq 5 ]] && [[ $fileline == V* ]]; then

    echo "Certificate is already unrevoked and active"
    exit 0;

else

    echo "Error; Key index file may be corrupted."
    exit 1;

fi

    A+
发布日期:2020年02月17日  所属分类:未分类

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: