#!/usr/bin/env python
from jinja2 import Template
import sys, os, shutil, subprocess, time
#########################################################
# A python script to revoke signed certificates for #
# a vpn server #
#########################################################
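def client_rev(name):
    """Revoke the EasyRSA-issued certificate for client *name* and rebuild the CRL.

    Steps: copy the client's certificate back into the EasyRSA ``pki/issued``
    directory, run ``easyrsa revoke`` and ``easyrsa gen-crl``, copy the
    resulting ``crl.pem`` next to this script, then print every line of
    ``pki/index.txt`` that starts with ``R``.

    The process exits with status 1 when *name* is not a plain file-name
    component, when ``out/<name>`` does not exist, or when either easyrsa
    command reports a non-zero exit status.
    """
    # realpath() of a bare file name resolves against the current working
    # directory, so `path` is the directory the script is started from.
    path = os.path.dirname(os.path.realpath('client-rev.py'))
    easyrsa_dir = path + '/easyrsa/EasyRSA-3.0.1'
    print(name)

    # `name` is typed in by the operator and ends up both inside file paths
    # and on the easyrsa command line. Accept a single path component only,
    # so it cannot point outside out/, keys/client/ and pki/issued/, and
    # refuse a leading '-' so easyrsa cannot read it as an option.
    if (not name or name in ('.', '..') or name.startswith('-')
            or os.path.basename(name) != name):
        print("ERROR: invalid client name")
        sys.exit(1)

    if not os.path.exists(path + "/out/" + name):
        print("ERROR: " + name + " not found")
        sys.exit(1)

    shutil.copy(path + "/keys/client/" + name + "/" + name + ".crt",
                easyrsa_dir + "/pki/issued/" + name + ".crt")

    # Stop at the first failing easyrsa step: publishing crl.pem after a
    # failed revoke would leave the operator believing the certificate is
    # revoked when it is not.
    for action in (['revoke', name], ['gen-crl']):
        status = subprocess.call([easyrsa_dir + '/easyrsa'] + action,
                                 cwd=easyrsa_dir)
        if status != 0:
            print("ERROR: easyrsa " + action[0] +
                  " failed with exit status " + str(status))
            sys.exit(1)

    shutil.copy(easyrsa_dir + "/pki/crl.pem", path + "/crl.pem")

    # Show the entries flagged 'R' in the index so the operator can confirm
    # the revocation was recorded.
    with open(easyrsa_dir + "/pki/index.txt") as f:
        for line in f:
            if line.startswith('R'):
                print(line)
    print("")
    print("crl.pem file must be copied to /etc/openvpn directory on VPN server")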
if __name__ == '__main__':
    # Ask the operator which client to revoke and hand the answer, exactly
    # as typed, to client_rev().
    client_rev(raw_input('Enter username of client you wish to revoke: '))