From fcb9036361a10610baf3ccdf24e3c4a92c0771fc Mon Sep 17 00:00:00 2001
From: Xavier Jouslin de Noray <xavier.jouslindenoray@savoirfairelinux.com>
Date: Wed, 16 Aug 2023 12:07:28 -0400
Subject: [PATCH] Certificate Commands: add commands to verify and manage CRL

Change-Id: Id7b19e056b1b455fd7c4669916df6417599b7473
---
 developer/jami-plugins-certificate.md | 29 ++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/developer/jami-plugins-certificate.md b/developer/jami-plugins-certificate.md
index e8c96fa5..52ca98dd 100644
--- a/developer/jami-plugins-certificate.md
+++ b/developer/jami-plugins-certificate.md
@@ -145,23 +145,34 @@ python3 ./SDK/certKey.py --plugin sign --issuer <path-to-plugin-certificate>\
 ## Revoked a certificate
-### Install dependencies
+### Create CRL
 ```bash
-sudo apt install openssl
+python3 ./certKey.py crl create --crl --issuer <path-to-ca> --subject crl <path-to-save-crl>
 ```
+
 ### Add Revoke certificate to CRL
 ```bash
-openssl ca -revoke <certificate-to-revoke>.crt \
--keyfile <private_key> -cert <issuer-certificate>.crt
+python3 ./certKey.py revoke --crl <path-to-crl> --subject <path-to-certificate-to-revoke> --issuer <path-to-ca> [--reason REASON]
+```
+## Verify certificate
+### Verify certificate signing request
+```bash
+python3 ./certKey.py --req [--archive] verify --path <path-to-csr> --issuer <path-to-issuer>
+```
+### Verify certificate
+```bash
+python3 ./certKey.py [--archive] verify --path <path-to-certificate> --issuer <path-to-issuer>
 ```
-### Update CRL file
+### Verify Jami Plugin
 ```bash
-openssl ca -gencrl -keyfile <private_key> \
--cert <X.509 certificate> -out /etc/<CRL_directory>/temp.crt && \
-cat <path-to-old-crt>/crl.crt /etc/<CRL_directory>/temp.crt > <path-to-crl-directory>/crl.crt \
-rm -rf /etc/<CRL_directory>/temp.crt <path-to-old-crt>/crl.crt
+python3 ./certKey.py [--archive] verify --path <path-to-plugin>
 ```
-- 
GitLab