GmSSL生成国密证书请查看:GmSSL证书生成
使用以下脚本来吊销相生成的证书:
#!/bin/sh
#Generate GM certificate crl file
#Author : xiejianjun
#Date : 2020-07-31
CurPath=`dirname $(readlink -f $0)`
GmsslRootPath=/projects/GmSSL
GmsslBin=${GmsslRootPath}/apps/gmssl
DemoCaDir=${GmsslRootPath}/apps/demoCA/
CertDir=${DemoCaDir}/certs/
KeyDir=${CertDir}
CrlDir=${DemoCaDir}/crl/
ReqDir=${DemoCaDir}/reqs/
export LD_LIBRARY_PATH=${GmsslRootPath}
if [ -z "$1" ]; then
echo "Usage: "`basename "$0"`" cert0 [cert1 cert2 ...]"
fi
touch "${DemoCaDir}/index.txt"
touch "${DemoCaDir}/index.txt.attr"
if [ ! -e "${DemoCaDir}/crlnumber" ]; then
echo 01 > "${DemoCaDir}/crlnumber"
fi
cd "${DemoCaDir}/.."
until [ $# -eq 0 ]
do
${GmsslBin} ca -revoke "${CertDir}/$1" -keyfile "${CertDir}/CA.key.pem" -cert "${CertDir}/CA.cert.pem"
shift
done
${GmsslBin} ca -gencrl -keyfile "${CertDir}/CA.key.pem" -cert "${CertDir}/CA.cert.pem" -out "${CrlDir}/gm_cert.crl"