Page 1 of 1

Client revocation without the original CRT key

Posted: Mon Apr 24, 2017 8:04 pm
by nocode
So I was creating accounts for my users and my process would remove the client's crt file from the server after I had downloaded it and passed it on. I did this for security concerns and didn't realize I would need it for revocation.

Is there any way to manually revoke a client without the crt file? Going through the easyrsa script, it seems it's looking for that file.

I'm guessing if I manually edit the index.txt file won't do anything.

Thanks

Re: Client revocation without the original CRT key

Posted: Mon Apr 24, 2017 9:20 pm
by TinCanTech
See --crl-verify crl ['dir']

You know where to look .. :mrgreen: