|
|
Lars Bonnesen escreveu:
> I create certificates for OpenVPN with ./build-key-pass, I revoke them
> with revoke-cert...
>
> ... but how do I delete them - I mean if I want to disallow a certian
> certificate. I can probably delete the file, but it will still be in
> the list. What is the right approach?
>
Revoke it and it's done. You dont need to delete files if they were
revoked. Of course this is an interesting idea to not keep revoked
certificate files. But, it's not necessary.
After revoking, the certificate will not work at all.
Your approach is wrong. The server does not need to have access to
the client certificate files. If you erase them, that client will
connect normally to the server. In fact, those files never needed to be
on the server. You generate them on the server, but the server doesnt
need them.
The right approach is revoking. Deleting revoking certificate files
is just cleanup process, but not mandatory for avoiding the certificate
to connect.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@xxxxxxxxxxxxxx
My SPAMTRAP, do not email it
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|