[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] revoke a client


  • Subject: Re: [Openvpn-users] revoke a client
  • From: venne <rvenne@xxxxxxxxxxxxxxxxx>
  • Date: Wed, 20 Oct 2004 17:01:30 +0200

what does mean key_dir & key_config?

I put all invalid client's keys in key_dir?
Mathias Sundman wrote:

On Wed, 20 Oct 2004, venne wrote:

I wonder how to revoke a linux openvpn (1.6) client, using openssl.


Here's two scripts I added to the easy-rsa package:

file "revoke":
#!/bin/bash

#
# Revoke a certificate.
#

if test $# -ne 1; then
        echo "usage: revoke <name>";
        exit 1
fi

if test $KEY_DIR; then
        cd $KEY_DIR && \
        openssl ca -revoke $1.crt -config $KEY_CONFIG
else
        echo you must define KEY_DIR
fi

#############################################

### file "build-crl":
#!/bin/bash

#
# Generate a CRL file.
#

if test $# -ne 0; then
        echo "usage: build-crl";
        exit 1
fi

if test $KEY_DIR; then
        cd $KEY_DIR && \
        openssl ca -gencrl -out $CRL_FILE -config $KEY_CONFIG
else
        echo you must define KEY_DIR
fi

###########################################

And add something like this to the vars file:

# Path and name of CRL file to be
# generated with ./build-crl
export CRL_FILE=/etc/openvpn/keys/crl.pem




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users