Openvpn revoke / unrevoke certificates

Sometimes You need to revoke access of a client in openvpn. The simpliest way to do this is to revoke certificate. Revoking certificate is almost as simple as clicking enter on a keyboard. To revoke certifikate just go to Your easy_rsa directory and enter following:

source ./vars
./revoke-all [certificate name]

Sometimes You need to revoke access of a client in openvpn only temporarily. Revoking access is done in the same way as above. But we need to unrevoke access. Here are the steps to do this.
First of all You need to go to Your easy_rsa directory (or where do You keep Your keys). You will find there index.txt file. Open it with Your favourite text editor. You will find there index of all certificates. Some lines begins with R and some with V. The ones that begins with R are pointing to revoked certificates. To unrevoke certificate just change R to V at the beggining of the line, and remove third column. After that just do:

source ./vars
openssl ca -gencrl -out "crl.pem" -config "$KEY_CONFIG"

After that client should connect to openvpn with no problem.

If You have any questions please leave a comment. I will answer asap.

Tagged with: , , , , ,
4 comments on “Openvpn revoke / unrevoke certificates
  1. om singh says:


    I have a problem after running the following command

    openssl ca -gencrl -out “crl.pem” -config “$KEY_CONFIG”


    Using configuration from /home/easy-rsa/openssl-1.0.0.cnf
    error on line 144 of config file ‘/home/easy-rsa/openssl-1.0.0.cnf’
    140069673105224:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 144

  2. Roberto Tenopala says:

    I have the same error. Were you able to resolve the issue?

  3. ben says:

    same error here. Anyone able to resolve it ?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.