Thanks! That sounds much better. I'll take a look.
Have a great day,
Nate
-----Original Message-----
From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Merrill
Sent: Monday, December 05, 2005 9:14 AM
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] ssl cert unrevoke?
Kroll, Nathan wrote:
I was wondering if anyone knows how to unrevoke an SSL certificate using
OpenSSL. We want to be able to revoke and unrevoke at will, but cannot
find a way to unrevoke a certificate. Any help is appreciated. Is
there any other way to limit which certs can be used with OpenVPN
without revoking them? I want a user to authenticate to some other
source, then unrevoke their cert for 24 hours, then revoke it again.
That way the certificates stored on machines are useless without having
the authorization access to have them made active.
Revoking a certificate is supposed to be an irreversible action. There
may be ways around it, but I wouldn't advise trying them for anything
other than an academic exercise.
You can use the ccd-exclusive configuration option to restrict which
certificates are permitted to connect. Create a (possibly empty) config
file for each legitimate user; and be sure to name the file the same as
the CommonName field in that user's certificate.
Then, rather than revoke their certificate, simply delete (or rename)
their CCD file. The ccd-exclusive directive will prevent this user from
connecting. If you later want to restore OpenVPN access for that
user/certificate, simply restore (or rename) their CCD file.
Cheers,
Scott
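
An added example, not part of the original thread: one way to script the CCD rename approach described in the reply above, as a POSIX shell script. It assumes the server config sets client-config-dir to the directory passed in and enables ccd-exclusive; the function names and the ".disabled" suffix are this example's own conventions.

```shell
#!/bin/sh
# Added example: toggle OpenVPN access per certificate by renaming CCD files.
# Assumes the server config has `client-config-dir <dir>` and `ccd-exclusive`.
# The ".disabled" suffix is a convention of this script, not an OpenVPN feature.
SUFFIX=".disabled"

# Accept only a CommonName that is safe as a single file name in the CCD dir:
# no path separators, no leading dot, no clash with the disabled suffix.
ccd_valid_cn() {
    case "$1" in
        ""|.*|*/*|*"$SUFFIX") return 1 ;;
        *[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
}

# ccd_status <dir> <cn>: prints enabled, disabled or absent.
ccd_status() {
    ccd_valid_cn "$2" || return 2
    if [ -f "$1/$2" ]; then echo enabled
    elif [ -f "$1/$2$SUFFIX" ]; then echo disabled
    else echo absent
    fi
}

# ccd_disable <dir> <cn>: rename the CCD file so ccd-exclusive refuses the CN.
ccd_disable() {
    ccd_valid_cn "$2" || return 2
    [ -f "$1/$2" ] || return 1
    mv -- "$1/$2" "$1/$2$SUFFIX"
}

# ccd_enable <dir> <cn>: restore a renamed file, or create an empty one.
ccd_enable() {
    ccd_valid_cn "$2" || return 2
    if [ -e "$1/$2" ]; then return 0
    elif [ -f "$1/$2$SUFFIX" ]; then mv -- "$1/$2$SUFFIX" "$1/$2"
    else : > "$1/$2"    # a (possibly empty) file named after the CN is enough
    fi
}

# Usage: ccd.sh <status|enable|disable> <ccd-dir> <common-name>
if [ "$#" -eq 3 ]; then
    case "$1" in
        status|enable|disable) "ccd_$1" "$2" "$3" ;;
        *) echo "unknown action: $1" >&2; exit 64 ;;
    esac
fi
```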