How to revoke a user's certificate

Method 1:

You can revoke certificates using the "Revoke Certificates" page on the Admin UI.

Method 2:

You can revoke certificates via the OpenVPN-AS backend:

To delete a user's certificate:

This can now be done with the CLI. For example, to revoke the cert for user foo:

./sa DeleteClient foo

If user foo has an autologin certificate, use this command instead:

./sa DeleteClient foo_AUTOLOGIN

These commands delete the named user's cert from the AS certificates DB, so that it can no longer be used to log into the AS. The next time the user logs into the CWS or tries to access their profile using the web services API, a new certificate will be automatically generated.

To revoke a certificate having a specific common name:

./sacli -a ADMIN --cn COMMON_NAME RevokeCert

To revoke all certificates for a given user:

./sacli -a ADMIN --user USER_NAME RevokeUser

To prevent a user from getting a new certificate from the CWS after

./confdba -u --mod --prof USER_NAME --key prop_deny --value true

* You can run these commands from: /usr/local/openvpn_as/scripts
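
The RevokeUser and prop_deny commands above, combined into one offboarding script. This is an added example, not part of the original page or of OpenVPN's own tooling; the name check, the DRY_RUN switch and the deny-before-revoke ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: lock out one OpenVPN-AS user with the commands from this page.
# AS_SCRIPTS is the directory named on this page; DRY_RUN is a hypothetical
# switch of this script, not an OpenVPN-AS option.
AS_SCRIPTS="${AS_SCRIPTS:-/usr/local/openvpn_as/scripts}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Reject empty names, names starting with "-" (they would be parsed as an
# option) and anything outside a conservative character set (an assumption).
valid_name() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Print the command in dry-run mode, otherwise execute it from AS_SCRIPTS.
run_step() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        (cd "$AS_SCRIPTS" && "$@")
    fi
}

# Usage: offboard_user ADMIN USER_NAME
offboard_user() {
    admin="$1"; user="$2"
    valid_name "$admin" || { echo "bad admin name" >&2; return 2; }
    valid_name "$user" || { echo "bad user name" >&2; return 2; }
    # 1. Deny first, so no new certificate can be obtained from the CWS
    #    between the two steps (ordering is this example's choice).
    run_step ./confdba -u --mod --prof "$user" --key prop_deny --value true || return 1
    # 2. Revoke every certificate already issued to the user.
    run_step ./sacli -a "$admin" --user "$user" RevokeUser || return 1
}
```

Source the file and call `offboard_user ADMIN USER_NAME` to review the printed commands, then repeat with DRY_RUN=0 to apply them.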