Client revocation without the original CRT key

Scripts to manage certificates or generate config files
nocode
OpenVpn Newbie
Posts: 6
Joined: Wed Oct 09, 2013 11:27 pm

Client revocation without the original CRT key

Postby nocode » Mon Apr 24, 2017 8:04 pm

So I was creating accounts for my users and my process would remove the client's crt file from the server after I had downloaded it and passed it on. I did this for security concerns and didn't realize I would need it for revocation.

Is there any way to manually revoke a client without the crt file? Going through the easyrsa script, it seems it's looking for that file.

I'm guessing if I manually edit the index.txt file won't do anything.

Thanks

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2435
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client revocation without the original CRT key

Postby TinCanTech » Mon Apr 24, 2017 9:20 pm

See --crl-verify crl ['dir']

You know where to look .. :mrgreen:


Return to “Cert / Config management”

Who is online

Users browsing this forum: No registered users and 2 guests