[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Revoking Certificate

  • Subject: Re: [Openvpn-users] Revoking Certificate
  • From: Felipe Sanchez <izto@xxxxxxxxxxxxxxxxx>
  • Date: Wed, 7 May 2003 22:32:31 -0500 (CDT)

On Wed, 30 Apr 2003, Malcolm Sole wrote:

> Hi
> I am using OpenVPN with a number of clients connecting to a central system
> and it works very well. I am not sure of what the procedure would be to
> revoke a client's certificate (if say the client box is stolen). I am using
> the easy-rsa scripts to create self signed certificates.
> Can anyone point me in the right direction please?

What you need is a Certificate Revocation List (CRL). You will have to add
all the certificates you don't want to allow anymore, and then instruct
openvpn to run openssl and verify the CRL when the client connects.

There was some talking about adding CRL support to OpenVPN a while ago, I
have been doing some work in that area. Any help is welcome, of course  :)

Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions

Openvpn-users mailing list