Openvpn revoke / unrevoke certificates

REVOKING
Sometimes You need to revoke access of a client in openvpn. The simpliest way to do this is to revoke certificate. Revoking certificate is almost as simple as clicking enter on a keyboard. To revoke certifikate just go to Your easy_rsa directory and enter following:

source ./vars
./revoke-all [certificate name]

UNREVOKING
Sometimes You need to revoke access of a client in openvpn only temporarily. Revoking access is done in the same way as above. But we need to unrevoke access. Here are the steps to do this.
First of all You need to go to Your easy_rsa directory (or where do You keep Your keys). You will find there index.txt file. Open it with Your favourite text editor. You will find there index of all certificates. Some lines begins with R and some with V. The ones that begins with R are pointing to revoked certificates. To unrevoke certificate just change R to V at the beggining of the line, and remove third column. After that just do:

source ./vars
openssl ca -gencrl -out "crl.pem" -config "$KEY_CONFIG"

After that client should connect to openvpn with no problem.

If You have any questions please leave a comment. I will answer asap.

Posted in Uncategorized Tagged with: , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*