Re: [Openvpn-users] Delete certificates

  Subject: Re: [Openvpn-users] Delete certificates
  From: Leonardo Rodrigues Magalhães
  Date: Tue, 05 Jun 2007 14:32:36 -0300

Lars Bonnesen wrote:
>>    Try modifying the revoke-full and revoke-cert scripts to do 
>> that!! I'm sure you'll need no more than 2-3 new lines and it's done.
>>    The idea of revoking a certificate and it still remaining valid for 
>> some hours bothers me a lot. If I revoke a certificate, I want 
>> the connection to be denied NOW ... and not in some hours, when the 
>> cron job will run.
>>    OK, once a day can be adequate for your system ... but I'm sure 
>> modifying the revoke scripts will be extremely easy and you'll get 
>> immediate revocation working :)
> Ok, you are right - why not place the file in the right place on the 
> first go...
> Another thing. How to reissue a certificate. For instance if you would 
> like to enable a password on a certificate or force a change on it? Is 
> it as simple as running build-key-pass again, or do you have to revoke 
> and issue a new certificate (with a new common name)?

    You ALWAYS have to revoke if you don't want the certificate to 
connect anymore. After revoking, there's no 'unrevoking'. And after 
revoking, you can build another certificate with the same common name 
(CN). Notice that building a certificate with the same CN as a revoked 
certificate will NOT allow that revoked one (with the same CN) to 
connect again. It's revoked, that's the end. The new certificate with 
the old CN will be a new certificate, despite the reused CN.
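
An added illustration of the reply above (not part of the original message, and not OpenVPN or easy-rsa code): it parses a constructed sample of the OpenSSL CA database file (index.txt) to show that revocation is recorded per serial number, so a certificate issued later under a reused CN is a separate entry. The sample rows, the function names and the `client1` name are assumptions.

```python
# Constructed sample of an OpenSSL CA database (index.txt). Fields are
# tab-separated: status, expiry, revocation date, serial (hex), file, subject.
SAMPLE_INDEX = (
    "V\t170602120000Z\t\t01\tunknown\t/CN=server\n"
    "R\t170602121000Z\t070605173000Z\t02\tunknown\t/CN=client1\n"
    "V\t170602174000Z\t\t03\tunknown\t/CN=client1\n"
)


def parse_index(text):
    """Return one dict per certificate recorded in the CA database."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, expires, revoked, serial, _file, subject = line.split("\t")
        cn = next((p[3:] for p in subject.split("/") if p.startswith("CN=")), None)
        entries.append({
            "status": status,                             # V valid, R revoked, E expired
            "serial": int(serial, 16),
            "revoked_at": revoked.split(",")[0] or None,  # field may carry ",reason"
            "cn": cn,
        })
    return entries


def revoked_serials(entries):
    """The serial numbers a CRL generated from this database would list."""
    return {e["serial"] for e in entries if e["status"] == "R"}


def is_allowed(serial_hex, entries):
    """Decide by serial only (issued and not revoked); the CN plays no part."""
    serial = int(serial_hex, 16)
    issued = {e["serial"] for e in entries}
    return serial in issued and serial not in revoked_serials(entries)


def reused_cns(entries):
    """CNs carried by both a revoked and a still-valid certificate."""
    revoked = {e["cn"] for e in entries if e["status"] == "R"}
    valid = {e["cn"] for e in entries if e["status"] == "V"}
    return revoked & valid


if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    print("revoked serials:", sorted(revoked_serials(db)))
    print("old client1 (02) allowed:", is_allowed("02", db))
    print("new client1 (03) allowed:", is_allowed("03", db))
    print("CNs reused after revocation:", sorted(reused_cns(db)))
```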


