# Generate clean CRL (No revocation so far)
openssl ca -gencrl -config crl_openssl.conf -out server.crl -cert root.crt -keyfile root.key
# Revoke Frontend Cert
-#openssl ca -revoke frontend.crt -config crl_openssl.conf -keyfile root.key -cert root.crt -out root.crl
+openssl ca -revoke frontend.crt -config crl_openssl.conf -keyfile root.key -cert root.crt -out root.crl
# Generate CRL after revocation
-#openssl ca -gencrl -config crl_openssl.conf -out server_revoked.crl -cert root.crt -keyfile root.key
+openssl ca -gencrl -config crl_openssl.conf -out server_revoked.crl -cert root.crt -keyfile root.key
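Review bot: With the `-revoke` line now live, this script is no longer safe to re-run: `openssl ca -revoke` records the revocation in the CA database named by crl_openssl.conf, so on a second run the "clean" server.crl generated at the top would list frontend.crt too, and the revoke itself would presumably fail as already revoked. Unless that database is reset earlier in the script, which is outside this hunk, the valid-CRL test case would then reject the frontend certificate. I would add a comment such as `# Must run against a fresh CA database: once frontend.crt is revoked, server.crl can no longer be regenerated clean`, and stop on failure by appending `|| exit 1` to the revoke and gencrl commands. It is also worth confirming that `-out root.crl` on the revoke is intended, since the CRL itself is written by the `-gencrl` step that follows.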
chmod og-rwx etc/$SSL_KEY
cp -p ../$SSL_CRT etc/
cp -p ../$SSL_CRL etc/
-#cp -p ../$SSL_CRL2 etc/
+cp -p ../$SSL_CRL2 etc/
cp -p ../$ROOT_CRT etc/
echo "ssl = on" >> etc/pgpool.conf
# Starting CRL verification
-
# Adding valid CRL file in pgpool.conf file.
echo "ssl_crl_file = '$SSL_CRL'" >> etc/pgpool.conf
# Adding CRL file with revoked certification entry in pgpool.conf file.
echo "Updating pgpool.conf with revoked CRL file"
-# Revoke Frontend Cert
-(cd ..;openssl ca -revoke frontend.crt -config crl_openssl.conf -keyfile root.key -cert root.crt -out root.crl)
-# Generate CRL after revocation
-(cd ..; openssl ca -gencrl -config crl_openssl.conf -out server_revoked.crl -cert root.crt -keyfile root.key)
-cp -p ../$SSL_CRL2 etc/
-
sed -i 's/server.crl/server_revoked.crl/' etc/pgpool.conf
# Check pgpool configuration is updated successfully
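Review bot: The revoked-CRL case now relies on a pre-generated `../$SSL_CRL2`, and nothing checks that the file exists, is still within its validity period, or lists the frontend certificate before `sed` points pgpool.conf at it. If the copy fails or the CRL has expired, a connection rejected later in the test could satisfy the negative case without revocation having been exercised; how the result is checked is outside this hunk. I would follow the new `cp` with `openssl crl -in "etc/$SSL_CRL2" -noout -text | grep -q 'Serial Number' || exit 1`, so a missing or empty CRL stops the test early. The new line should also quote the expansion: `cp -p "../$SSL_CRL2" etc/`.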