From 6eaa8b5c51733e21a1480f5bac5d753d16982c0f Mon Sep 17 00:00:00 2001
From: richard-dds <richard-ctr@friends.dds.mil>
Date: Thu, 30 Aug 2018 11:11:04 -0400
Subject: [PATCH 1/2] Update ssl crl config and certs. See you in a year

---
 ssl/client-certs/client-ca.der.crl   | Bin 502 -> 502 bytes
 ssl/client-certs/crl_openssl.conf    |   2 +-
 tests/fixtures/crl/client-ca.der.crl | Bin 502 -> 502 bytes
 3 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/client-certs/client-ca.der.crl b/ssl/client-certs/client-ca.der.crl
index 8ec9e37f49341a8bb3a3c06983e137b13dd37b0a..7eb07ee0499ca0c42c566bae1e73954921bd6a97 100644
GIT binary patch
delta 293
zcmV+=0owld1NH-us~9*lFflbSGBYz;7Y#8vFgP<XF*PtUGc%FHGk<ab%uzQ?5cIf5
z<I%-^fARrK&y-ys_gG$I{}snM6aAp_Ewk_1kQOTLs;NS7$7r##hMr<;8o*oWfT=5U
z+y`zAM+I01_07w9uwx^9$o(eSi_F2!iUf7>hA0y_!X1|eC^!H$eM5{B53d@|!vf%6
zy=<ctoRP4jg056BOn<WVLPQ3L&ZQTrRlezJ!<N4lxn9R~&-$CJF*eA-{KR3ic^%eq
z-&>mYgzF#$^ri(e{Wf%+11zc_fY4<Pwib+fcg8i<j4PAo>!dQ*1GH^bFD!hGP9i1D
rCA~)Z>JoQ+H4fCNj=-jJ+NfOoC#UAD<mRsLX!BwuMjvJ{8Ug@>rb&sc

delta 293
zcmV+=0owld1NH-us~9&kFfuVRIWRF=7Y#8uFgP+fGBGkaFfozCGk<-QlIKt{pB*@f
zC(L(QIsH4w)gFz#LpISb>t-@oxBH8!5ha|Ldq=j2l(Z1dCtI@N=J0nPaKyW1LofHw
zT!f{}Z26`6mE<e@>Fl>-XueY(%{_We4LHrE$`V|3P0HoD?USmKfx8r>6P7G|>!)oZ
zvv5zBs2KQ^The*i{eLCXuZ-Uf%SL_5Eqx#cvvdH_58b4brAk4w#$4kEw^t782Th`I
z%WF9BisCl=?N&=n*aW@@|2W?B0#1TCWk`2MM1p{8%6l3cgU(8OR4`dKE{}h9CKjZm
ri@!n6^#rXWwYEK(TZJzQmPA#<D2&mFz7p;xR=f7;sWvjIU;?Ii0@jNx

diff --git a/ssl/client-certs/crl_openssl.conf b/ssl/client-certs/crl_openssl.conf
index 5c061883..c017a31d 100644
--- a/ssl/client-certs/crl_openssl.conf
+++ b/ssl/client-certs/crl_openssl.conf
@@ -8,7 +8,7 @@ database       = $dir/index.txt        # index file.
 # new_certs_dir  = $dir/newcerts         # new certs dir
 
 default_days   = 365                   # how long to certify for
-default_crl_days= 30                   # how long before next CRL
+default_crl_days = 365                 # how long before next CRL
 default_md     = md5                   # md to use
 
 policy         = policy_any            # default policy
diff --git a/tests/fixtures/crl/client-ca.der.crl b/tests/fixtures/crl/client-ca.der.crl
index 8ec9e37f49341a8bb3a3c06983e137b13dd37b0a..7eb07ee0499ca0c42c566bae1e73954921bd6a97 100644
GIT binary patch
delta 293
zcmV+=0owld1NH-us~9*lFflbSGBYz;7Y#8vFgP<XF*PtUGc%FHGk<ab%uzQ?5cIf5
z<I%-^fARrK&y-ys_gG$I{}snM6aAp_Ewk_1kQOTLs;NS7$7r##hMr<;8o*oWfT=5U
z+y`zAM+I01_07w9uwx^9$o(eSi_F2!iUf7>hA0y_!X1|eC^!H$eM5{B53d@|!vf%6
zy=<ctoRP4jg056BOn<WVLPQ3L&ZQTrRlezJ!<N4lxn9R~&-$CJF*eA-{KR3ic^%eq
z-&>mYgzF#$^ri(e{Wf%+11zc_fY4<Pwib+fcg8i<j4PAo>!dQ*1GH^bFD!hGP9i1D
rCA~)Z>JoQ+H4fCNj=-jJ+NfOoC#UAD<mRsLX!BwuMjvJ{8Ug@>rb&sc

delta 293
zcmV+=0owld1NH-us~9&kFfuVRIWRF=7Y#8uFgP+fGBGkaFfozCGk<-QlIKt{pB*@f
zC(L(QIsH4w)gFz#LpISb>t-@oxBH8!5ha|Ldq=j2l(Z1dCtI@N=J0nPaKyW1LofHw
zT!f{}Z26`6mE<e@>Fl>-XueY(%{_We4LHrE$`V|3P0HoD?USmKfx8r>6P7G|>!)oZ
zvv5zBs2KQ^The*i{eLCXuZ-Uf%SL_5Eqx#cvvdH_58b4brAk4w#$4kEw^t782Th`I
z%WF9BisCl=?N&=n*aW@@|2W?B0#1TCWk`2MM1p{8%6l3cgU(8OR4`dKE{}h9CKjZm
ri@!n6^#rXWwYEK(TZJzQmPA#<D2&mFz7p;xR=f7;sWvjIU;?Ii0@jNx


From 5eed37b3b3990be9af471aefa711b1926029df11 Mon Sep 17 00:00:00 2001
From: richard-dds <richard-ctr@friends.dds.mil>
Date: Thu, 30 Aug 2018 11:47:02 -0400
Subject: [PATCH 2/2] Ad some steps to the README

---
 ssl/client-certs/README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ssl/client-certs/README.md b/ssl/client-certs/README.md
index 10ab5fd3..6130ee3a 100644
--- a/ssl/client-certs/README.md
+++ b/ssl/client-certs/README.md
@@ -28,3 +28,7 @@ openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.m
 > atat.mil.crt: OK
 ```
 
+To regenerate the crl:
+
+`openssl ca -gencrl -keyfile client-ca.key -cert client-ca.crt -out <cert_name>.crl -config crl_openssl.conf`
+`openssl crl -inform der -in client-ca.der.crl -noout -text`