# Certificate revocation, using either the account key or the
# certificate key; also check issuance for ECDSA keys.
#
# ACME (RFC 8555, section 7.6) accepts a revocation request signed either by
# the account that owns the certificate or by the certificate's own key pair;
# this test exercises both paths.
#
# Relies on names that are not defined in this fragment: `fail`, `grepstderr`
# and "$STDERR" -- presumably provided by the test harness, with grepstderr
# matching against the captured stderr file (confirm there).
#
# Generate a P-256 private key, with the curve encoded by name, for the ECDSA
# certificate.
openssl genpkey -algorithm EC -out /etc/lacme/simpletest.ecdsa.key \
-pkeyopt ec_paramgen_curve:P-256 \
-pkeyopt ec_param_enc:named_curve
# Derive the ECDSA certificate configuration from the RSA one: the first "rsa"
# on each line becomes "ecdsa" (the sed expression has no g flag).
sed "s/rsa/ecdsa/" /etc/lacme/lacme-certs.conf.d/simpletest-rsa.conf > \
/etc/lacme/lacme-certs.conf.d/simpletest-ecdsa.conf
# Issue both RSA and ECDSA certificates; stderr is captured in "$STDERR" and
# a non-zero exit hands over to `fail`.
lacme newOrder 2>"$STDERR" || fail newOrder
# Each certificate file must be newer than its key file, i.e. it was written
# after the key it was issued for.
# NOTE(review): these bare `test` calls only abort the run if the harness uses
# `set -e` -- confirm.
test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
test /etc/lacme/simpletest.ecdsa.crt -nt /etc/lacme/simpletest.ecdsa.key
# Revoke the ECDSA certificate using the account key.
lacme revokeCert /etc/lacme/simpletest.ecdsa.crt
# Revoking the same certificate a second time must fail: `!` inverts the exit
# status, so `fail` runs only if lacme unexpectedly reports success.
! lacme revokeCert /etc/lacme/simpletest.ecdsa.crt 2>"$STDERR" || fail
# The captured stderr must contain these lines verbatim (the options look like
# grep's -F fixed string, -x whole line, -q quiet): the attempt was made, the
# server answered that the certificate is already revoked, and lacme
# downgraded that to a warning.
grepstderr -Fxq "Revoking /etc/lacme/simpletest.ecdsa.crt"
grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.ecdsa.crt"
# Now revoke the RSA certificate using the service (certificate) key: the
# certificate's private key is moved over the account key (-f overwrites,
# -T never treats the destination as a directory), so the following requests
# are presumably signed with it instead -- confirm how the harness points
# lacme at /etc/lacme/account.key.
# NOTE(review): this destroys the original account key and is only suitable
# for a disposable test environment.
mv -vfT /etc/lacme/simpletest.rsa.key /etc/lacme/account.key
lacme revokeCert /etc/lacme/simpletest.rsa.crt
# As above, a second revocation must be rejected as already revoked.
! lacme revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
# vim: set filetype=sh :