pieterlange / kube-openvpn

:closed_lock_with_key: Kubernetes native OpenVPN


Revoking Client

cemo opened this issue · comments

What is the best way to revoke client certificates?

If you used easyrsa to setup your PKI, use easyrsa to revoke the client:

docker run --user=$(id -u) -e OVPN_SERVER_URL=tcp://vpn.my.fqdn:1194 -v $PWD:/etc/openvpn -ti ptlange/openvpn easyrsa revoke <CN>

Then, update the CRL with:
./kube/update-crl.sh <namespace> [#days the CRL is valid]

Leaving this issue open until I have documented this properly.
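An added example, not part of the original thread or the kube-openvpn project: one way to confirm that a revocation and CRL update like the two steps above took effect, using `openssl verify` against the CA certificate, the regenerated CRL and the client certificate. `check_revoked` and `make_demo_pki` are hypothetical helper names, and the demo PKI (`demo-ca`, `alice`, `bob`) is constructed sample data built with `openssl ca`, not easyrsa.

```shell
#!/bin/sh
# check_revoked CA_CERT CRL_PEM CLIENT_CERT -> revoked | crl-expired | valid | error
# Relies on OpenSSL's own chain and CRL validation rather than grepping the CRL text.
check_revoked() {
    out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1) || :
    case $out in
        *"CRL has expired"*)     echo crl-expired ;;  # CRL is past its validity period
        *"certificate revoked"*) echo revoked ;;
        *": OK"*)                echo valid ;;
        *)                       echo error ;;
    esac
}

# make_demo_pki DIR: constructed sample data. Throwaway CA, two client certs
# (alice is revoked, bob is not) and a CRL valid for 30 days.
make_demo_pki() (
    cd "$1" || exit 1
    mkdir newcerts && : > index.txt && echo 1000 > serial
    cat > ca.cnf <<'EOF'
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
policy = any
[any]
commonName = supplied
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -subj /CN=demo-ca \
        -keyout ca.key -out ca.crt -days 30 2>/dev/null
    for cn in alice bob; do
        openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$cn.key" -out "$cn.csr" 2>/dev/null
        openssl ca -batch -notext -config ca.cnf -in "$cn.csr" -out "$cn.crt" 2>/dev/null
    done
    openssl ca -config ca.cnf -revoke alice.crt 2>/dev/null
    openssl ca -config ca.cnf -gencrl -crldays 30 -out crl.pem 2>/dev/null
)
```

Against a real deployment, pass your own CA certificate, the CRL that was just regenerated, and the revoked client's certificate; a `crl-expired` result means the CRL has outlived the number of days it was generated with.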

@pieterlange thanks for your information. I am new to VPN land and trying to understand how things are working.

I have just understood that CRL is the certification revocation list. I did not notice that file before. :) I thought all commands were running locally, and wondered how revocation would work without updating the server. Now it is clear. Thank you.

Docs added in 0309c4f