
Re: [Openvpn-users] Delete certificates

  • Subject: Re: [Openvpn-users] Delete certificates
  • From: Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx>
  • Date: Mon, 04 Jun 2007 18:49:51 -0300

Lars Bonnesen wrote:
> I create certificates for OpenVPN with ./build-key-pass, I revoke them 
> with revoke-cert...
> ... but how do I delete them - I mean if I want to disallow a certain 
> certificate. I can probably delete the file, but it will still be in 
> the list. What is the right approach?
    Revoke it and it's done. You don't need to delete files if they were 
revoked. Of course it is an interesting idea not to keep revoked 
certificate files. But it's not necessary.

    After revoking, the certificate will not work at all.

    Your approach is wrong. The server does not need to have access to 
the client certificate files. If you erase them, that client will 
connect normally to the server. In fact, those files never needed to be 
on the server. You generate them on the server, but the server doesn't 
need them.

    The right approach is revoking. Deleting revoked certificate files 
is just a cleanup process, but not mandatory for preventing the certificate 
from connecting.


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia

	My SPAMTRAP, do not email it
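
The difference between deleting and revoking, as an added example that is not part of the original message: it builds a throwaway CA with the plain `openssl` CLI (standing in for the easy-rsa scripts; every file name and subject below is constructed) and checks the certificate the client still holds, first after the server-side copy is deleted and then after revocation.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway CA, not the easy-rsa scripts themselves.
set -eu

revocation_demo() {
  local d; d=$(mktemp -d)
  (
    cd "$d"; mkdir newcerts; : > index.txt; echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
CN = unused-because-subj-is-given
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
EOF
    # CA, then a client key/CSR signed by that CA (serial 01).
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key \
      -out ca.crt -subj "/CN=Demo CA" -days 30 >/dev/null 2>&1
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout client.key \
      -out client.csr -subj "/CN=client1" >/dev/null 2>&1
    openssl ca -batch -notext -config ca.cnf -in client.csr -out client.crt >/dev/null 2>&1
    # The client keeps its own copy; the admin deletes the issued file on the server.
    cp client.crt presented.crt; rm client.crt
    if openssl verify -CAfile ca.crt presented.crt >/dev/null 2>&1
    then a=accepted; else a=rejected; fi
    # Revoke via the CA's archived copy, publish a CRL, then delete that copy too.
    openssl ca -config ca.cnf -revoke newcerts/01.pem >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
    rm newcerts/01.pem
    if openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem presented.crt >/dev/null 2>&1
    then b=accepted; else b=rejected; fi
    echo "deleted-only:$a revoked:$b"
  )
  rm -rf "$d"
}
revocation_demo
```

The verifying side only ever reads `ca.crt` and `crl.pem`. An OpenVPN server has to be pointed at the CRL with its `crl-verify` option for a revocation to take effect.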
