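#!/usr/bin/env bash
#
# Retire a client's certificate material by moving its directory from
# certs/clients/<client-name> to certs/revoked/<client-name>-<UTC timestamp>.
#
# Usage: <this-script> <client-name>
#
# This is bookkeeping only. The moved certificate is still signed by the
# client CA, so it is not rejected by this step alone (see the notes printed
# at the end of the run).

set -euo pipefail

if [[ $# -lt 1 ]]; then
  echo "Usage: $0 <client-name>" >&2
  exit 1
fi

CLIENT_NAME="$1"

# The name is spliced into filesystem paths below, so it must be exactly one
# path component. An empty name would resolve to certs/clients/ itself and
# move every client at once; "/" or ".." would reach outside certs/clients.
case "${CLIENT_NAME}" in
  '' | . | .. | */*)
    echo "Invalid client name '${CLIENT_NAME}': must be a single directory name." >&2
    exit 1
    ;;
esac

# Resolve paths relative to this script so the caller's working directory
# does not matter.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
TRAEFIK_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
CLIENT_DIR="${TRAEFIK_ROOT}/certs/clients/${CLIENT_NAME}"
REVOKED_DIR="${TRAEFIK_ROOT}/certs/revoked"

if [[ ! -d "${CLIENT_DIR}" ]]; then
  echo "No certificate directory found for client '${CLIENT_NAME}'." >&2
  exit 1
fi

# NOTE(review): the moved directory presumably still holds the client's
# private key; confirm that certs/revoked is access-restricted like
# certs/clients.
mkdir -p "${REVOKED_DIR}"

STAMP="$(date -u +%Y%m%dT%H%M%SZ)"
TARGET_DIR="${REVOKED_DIR}/${CLIENT_NAME}-${STAMP}"

# If the destination already exists (same client retired twice within one
# second), mv would nest the directory inside it instead of failing.
if [[ -e "${TARGET_DIR}" ]]; then
  echo "Refusing to overwrite existing ${TARGET_DIR}." >&2
  exit 1
fi

mv -- "${CLIENT_DIR}" "${TARGET_DIR}"

echo "Moved client certificate material to ${TARGET_DIR}."
echo "Note: Traefik clientAuth with a CA file does not enforce revocation lists by default."
echo "For immediate hard revocation, rotate the client CA and re-issue trusted client certificates."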