REVOKING
Sometimes You need to revoke access of a client in openvpn. The simpliest way to do this is to revoke certificate. Revoking certificate is almost as simple as clicking enter on a keyboard. To revoke certifikate just go to Your easy_rsa directory and enter following:
source ./vars ./revoke-all [certificate name] |
UNREVOKING
Sometimes You need to revoke access of a client in openvpn only temporarily. Revoking access is done in the same way as above. But we need to unrevoke access. Here are the steps to do this.
First of all You need to go to Your easy_rsa directory (or where do You keep Your keys). You will find there index.txt file. Open it with Your favourite text editor. You will find there index of all certificates. Some lines begins with R and some with V. The ones that begins with R are pointing to revoked certificates. To unrevoke certificate just change R to V at the beggining of the line, and remove third column. After that just do:
source ./vars openssl ca -gencrl -out "crl.pem" -config "$KEY_CONFIG" |
After that client should connect to openvpn with no problem.
If You have any questions please leave a comment. I will answer asap.
Hi,
I have a problem after running the following command
openssl ca -gencrl -out “crl.pem” -config “$KEY_CONFIG”
error
Using configuration from /home/easy-rsa/openssl-1.0.0.cnf
error on line 144 of config file ‘/home/easy-rsa/openssl-1.0.0.cnf’
140069673105224:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 144
I have the same error. Were you able to resolve the issue?
same error here. Anyone able to resolve it ?
No sorry I haven’t seen this error. Maybe someone else can help?