Certificate Commands: add commands to verify and manage CRL

Change-Id: Id7b19e056b1b455fd7c4669916df6417599b7473
Xavier Jouslin de Noray 2023-08-16 12:07:28 -04:00 committed by Andreas Traczyk
parent 671da2381e
commit fcb9036361
1 changed files with 20 additions and 9 deletions

@ -145,23 +145,34 @@ python3 ./SDK/certKey.py --plugin sign --issuer <path-to-plugin-certificate>\
## Revoked a certificate
### Install dependencies
### Create CRL
```bash
sudo apt install openssl
python3 ./certKey.py crl create --crl --issuer <path-to-ca> --subject crl <path-to-save-crl>
```
### Add Revoke certificate to CRL
```bash
openssl ca -revoke <certificate-to-revoke>.crt \
-keyfile <private_key> -cert <issuer-certificate>.crt
python3 ./certKey.py revoke --crl <path-to-crl> --subject <path-to-certificate-to-revoke> --issuer <path-to-ca> [--reason REASON]
```
### Update CRL file
## Verify certificate
### Verify certificate signing request
```bash
openssl ca -gencrl -keyfile <private_key> \
-cert <X.509 certificate> -out /etc/<CRL_directory>/temp.crt && \
cat <path-to-old-crt>/crl.crt /etc/<CRL_directory>/temp.crt > <path-to-crl-directory>/crl.crt \
rm -rf /etc/<CRL_directory>/temp.crt <path-to-old-crt>/crl.crt
python3 ./certKey.py --req [--archive] verify --path <path-to-csr> --issuer <path-to-issuer>
```
### Verify certificate
```bash
python3 ./certKey.py [--archive] verify --path <path-to-certificate> --issuer <path-to-issuer>
```
### Verify Jami Plugin
```bash
python3 ./certKey.py [--archive] verify --path <path-to-plugin>
```
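Review bot: The verify commands at the end of this hunk take only `--path` and `--issuer` (or `--path` alone for a plugin), so the documentation never shows how the CRL built with `crl create` and `revoke` is consulted during verification. Since the commit is about verifying and managing the CRL, either document the option that hands the CRL to `verify`, or state explicitly that `verify` does not check revocation. Two smaller points: `--crl` takes no value in `crl create --crl --issuer <path-to-ca> --subject crl <path-to-save-crl>` but takes a path in `revoke --crl <path-to-crl>`, and the create line's `--subject crl <path-to-save-crl>` is hard to parse, so a one-line description of each argument would help. `[--reason REASON]` should list the accepted values, and the heading "Revoked a certificate" would read better as "Revoke a certificate".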