Skip to content
Snippets Groups Projects
Normal view History Permalink
nss_revoke.sh 425 B
Newer Older
phoeagon's avatar
add nss_revoke script
phoeagon committed
1 2 3 4 5 
#!/bin/sh

DBPATH=$1
CERTS=$2
phoeagon's avatar
fixes revoke script to remove certs first  
phoeagon committed
6 7 8 9 10 11 12 13 14 

echo "Resetting CA set"
RESETS=``

certutil -d sql:${DBPATH} -L | grep -oP "NSS Certificate DB:revoke-china-certs:[^\s]+" | \
while read CERT;do
    certutil -d sql:${DBPATH} -D -n "${CERT}"
done
phoeagon's avatar
add nss_revoke script
phoeagon committed
15 16 17 18 
echo "Revoking CAs in $DBPATH/cert9.db"

for CERT in $CERTS;do
    # p,p,p: prohibit all use
phoeagon's avatar
fixes revoke script to remove certs first  
phoeagon committed
19 
    certutil -d sql:${DBPATH} -A -n "revoke-china-certs:${CERT}" -t p,p,p -i ${CERT}
phoeagon's avatar
add nss_revoke script
phoeagon committed
20 21 22 
done

echo "Done"