1 files changed, 12 insertions, 0 deletions

diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh
index 414687e..301cff2 100755
--- a/sample/sample-keys/gen-sample-keys.sh
+++ b/sample/sample-keys/gen-sample-keys.sh
@@ -14,6 +14,9 @@ then
     exit 1
 fi
 
+# Generate static key for tls-auth (or static key mode)
+$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key
+
 # Create required directories and files
 mkdir -p sample-ca
 rm -f sample-ca/index.txt
@@ -49,6 +52,14 @@ openssl pkcs12 -export -nodes -password pass:password \
     -out sample-ca/client.p12 -inkey sample-ca/client.key \
     -in sample-ca/client.crt -certfile sample-ca/ca.crt
 
+# Create a client cert, revoke it, generate CRL
+openssl req -new -nodes -config openssl.cnf \
+    -keyout sample-ca/client-revoked.key -out sample-ca/client-revoked.csr \
+    -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain"
+openssl ca -batch -config openssl.cnf \
+    -out sample-ca/client-revoked.crt -in sample-ca/client-revoked.csr
+openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt
+openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl
 
 # Create EC server and client cert (signed by 'regular' RSA CA)
 openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
@@ -73,3 +84,4 @@ openssl dhparam -out dh2048.pem 2048
 cp sample-ca/*.key .
 cp sample-ca/*.crt .
 cp sample-ca/*.p12 .
+cp sample-ca/*.crl .