mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00

Added a check before revoking a client certificate

Tercio Gaudencio Filho 2016-11-16 17:47:31 -02:00 committed by GitHub
parent b6f0c42b5b
commit 4f228ef620


@ -111,19 +111,25 @@ if [[ -e /etc/openvpn/server.conf ]]; then
else else
read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
fi fi
CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) if [[ "$CLIENTNUMBER" -ge 1 -a "$CLIENTNUMBER" -le $NUMBEROFCLIENTS ]]; then
cd /etc/openvpn/easy-rsa/ CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
./easyrsa --batch revoke $CLIENT cd /etc/openvpn/easy-rsa/
./easyrsa gen-crl ./easyrsa --batch revoke $CLIENT
rm -rf pki/reqs/$CLIENT.req ./easyrsa gen-crl
rm -rf pki/private/$CLIENT.key rm -rf pki/reqs/$CLIENT.req
rm -rf pki/issued/$CLIENT.crt rm -rf pki/private/$CLIENT.key
rm -rf /etc/openvpn/crl.pem rm -rf pki/issued/$CLIENT.crt
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem rm -rf /etc/openvpn/crl.pem
# CRL is read with each client connection, when OpenVPN is dropped to nobody cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chown nobody:$GROUPNAME /etc/openvpn/crl.pem # CRL is read with each client connection, when OpenVPN is dropped to nobody
echo "" chown nobody:$GROUPNAME /etc/openvpn/crl.pem
echo "Certificate for client $CLIENT revoked" echo ""
echo "Certificate for client $CLIENT revoked"
else
echo ""
echo "You selected a invalid client!"
exit 7
fi
exit exit
;; ;;
3) 3)
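Review bot: The range check on the added `if` line uses `-a` inside `[[ ]]`, which bash does not accept as a binary AND in that construct; it reports a syntax error in the conditional expression, so the guard is likely to stop the script from parsing rather than reject a bad selection. Because `-ge` and `-le` inside `[[ ]]` evaluate their operands as arithmetic expressions, the typed value should also be confirmed to be a plain positive integer before it is compared. Both points are covered by `if [[ "$CLIENTNUMBER" =~ ^[1-9][0-9]*$ && "$CLIENTNUMBER" -le "$NUMBEROFCLIENTS" ]]; then`. The `revoke` and `rm -rf` lines now under the guard still expand `$CLIENT` unquoted; quoting it, as in `./easyrsa --batch revoke "$CLIENT"`, would be cheap hardening for a script that runs as root. The enclosing `case` arm begins outside this hunk, so how `NUMBEROFCLIENTS` is computed is not visible here.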