diff --git a/Linux/nss_revoke.sh b/Linux/nss_revoke.sh
index 1a7887c6bc99731c37996babce62e9cedaa0b4a3..e6d63ffda6ca8ad66a4b35ba29254b1f8430dae4 100755
--- a/Linux/nss_revoke.sh
+++ b/Linux/nss_revoke.sh
@@ -3,11 +3,20 @@
 DBPATH=$1
 CERTS=$2
 
+
+echo "Resetting CA set"
+RESETS=``
+
+certutil -d sql:${DBPATH} -L | grep -oP "NSS Certificate DB:revoke-china-certs:[^\s]+" | \
+while read CERT;do
+ certutil -d sql:${DBPATH} -D -n "${CERT}"
+done
+
 echo "Revoking CAs in $DBPATH/cert9.db"
 
 for CERT in $CERTS;do
 # p,p,p: prohibit all use
- certutil -d sql:${DBPATH} -A -n "${CERT}" -t p,p,p -i ${CERT}
+ certutil -d sql:${DBPATH} -A -n "revoke-china-certs:${CERT}" -t p,p,p -i ${CERT}
 done
 
 echo "Done"
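Review bot: The reset loop deletes every `revoke-china-certs:` entry before the re-add loop runs, and neither `certutil` call has its exit status checked, so a failed `-A` (a missing or unreadable cert file, for example) leaves that CA without its `p,p,p` distrust entry while the script still prints "Done". No `set -e` is visible in the hunk (lines 1-2 of the script are outside it), so I would fail loudly on the add: `certutil -d "sql:${DBPATH}" -A -n "revoke-china-certs:${CERT}" -t p,p,p -i "${CERT}" || { echo "failed to distrust ${CERT}" >&2; exit 1; }`. The `[^\s]+` pattern stops at the first whitespace, so a nickname built from a path containing a space would not be matched for deletion; `while IFS= read -r CERT` and a quoted `"sql:${DBPATH}"` would tighten the new loop as well. The empty `RESETS` assignment is unused and can be dropped, and entries added by the previous version under the bare `${CERT}` nickname are not touched by the reset, which deserves a comment such as `# entries created before the revoke-china-certs: prefix must be removed manually`.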