Client revocation without the original CRT key

nocode
OpenVpn Newbie
Posts: 6
Joined: Wed Oct 09, 2013 11:27 pm

Post by nocode » Mon Apr 24, 2017 8:04 pm

So I was creating accounts for my users and my process would remove the client's crt file from the server after I had downloaded it and passed it on. I did this for security concerns and didn't realize I would need it for revocation.

Is there any way to manually revoke a client without the crt file? Going through the easyrsa script, it seems it's looking for that file.

I'm guessing that manually editing the index.txt file won't do anything.

Thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client revocation without the original CRT key

Post by TinCanTech » Mon Apr 24, 2017 9:20 pm

See --crl-verify crl ['dir']

You know where to look .. :mrgreen:
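
What the reply points at, as an added example that is not part of the original posts: with `crl-verify <directory> dir`, OpenVPN rejects any client whose certificate serial number, written as a decimal string, is the name of a file in that directory, so the deleted .crt file is not needed. The sketch below looks the serial up in the CA's index.txt instead; the sample index contents, the CN values and the directory are constructed for illustration.

```python
import os
import tempfile

# Constructed sample of an easy-rsa/OpenSSL CA database (index.txt).
# Tab-separated fields: status, expiry, revocation date, serial (hex),
# file name, subject DN. Names and serials here are made up.
SAMPLE_INDEX = (
    "V\t270422200400Z\t\t01\tunknown\t/CN=server\n"
    "V\t270422200400Z\t\t0A\tunknown\t/CN=alice\n"
    "V\t270423101500Z\t\t1F\tunknown\t/C=US/O=Example/CN=bob\n"
    "V\t280101000000Z\t\t20\tunknown\t/CN=alice\n"  # alice re-issued later
)


def serials_for_cn(index_text, common_name):
    """Return decimal serial strings of every certificate issued to common_name."""
    serials = []
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # skip blank or malformed lines
        serial_hex, subject = fields[3], fields[5]
        rdns = [p for p in subject.split("/") if p]
        if "CN=" + common_name in rdns:
            # index.txt stores the serial in hex; crl-verify 'dir' mode
            # compares against the decimal string.
            serials.append(str(int(serial_hex, 16)))
    return serials


def block_client(index_text, common_name, crl_dir):
    """Create one empty file per serial in crl_dir; return the serials written."""
    serials = serials_for_cn(index_text, common_name)
    if not serials:
        raise LookupError("no certificate for CN=%s in index" % common_name)
    os.makedirs(crl_dir, exist_ok=True)
    for serial in serials:
        # OpenVPN only checks that the file exists; contents are never read.
        open(os.path.join(crl_dir, serial), "a").close()
    return serials


if __name__ == "__main__":
    demo_dir = tempfile.mkdtemp(prefix="revoked-")  # stand-in for the real directory
    print(block_client(SAMPLE_INDEX, "alice", demo_dir), "->", demo_dir)
```

This only affects the server that reads the directory; it does not mark the certificate as revoked in index.txt or produce a CRL file.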
