Greetings,
Have inherited a vpn server running openvpn 2.0. I have visited the openvpn.net site, and tried to do ./revoke-full but got an error about KEY_DIR not set. When reading, there was some stiff cautions regarding setting it incorrectly as things get deleted.
So, how do I do this ? I will get on top of this, but have an immediate need to revoke a certificate.
Any help greatly appreciated.
thanks.
revoking a certificate
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri May 08, 2009 2:15 pm
Re: revoking a certificate
solution: must run . ./var prior to doing the revoke-full. . ./var (there is a space between the periods) sets the environment variable KEY_DIR.
Now, if I can figure out where to put the crl-verify crl.pem statement.
Now, if I can figure out where to put the crl-verify crl.pem statement.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jun 03, 2009 10:48 am
Re: revoking a certificate
Hello,
I am trying to revoke a certificate as guided at http://openvpn.net/index.php/documen...to.html#revoke but not getting through. I get following output:
Dipesh
I am trying to revoke a certificate as guided at http://openvpn.net/index.php/documen...to.html#revoke but not getting through. I get following output:
Can anybody please help me ?root@server1:/usr/share/doc/openvpn/examples/easy-rsa/2.0# ./revoke-full user1
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf'
32288:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf'
32289:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
cat: crl.pem: No such file or directory
user1.crt: /C=IN/ST=GJ/L=RJ/O=ABC/OU=MKT/CN=USER1/emailAddress=USER1@DOMAIN.COM
error 3 at 0 depth lookup:unable to get certificate CRL
Dipesh
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jun 03, 2009 10:48 am
Re: revoking a certificate
*** BUMP ***
- ecrist
- Forum Team
- Posts: 237
- Joined: Wed Nov 26, 2008 10:33 pm
- Location: Northern Minnesota, USA
- Contact:
Re: revoking a certificate
You can try running the following command to generate the CRL, and revoking the certificate, manually:
Replace <cert> above with the path to your CA certificate, and replace <config> with your openssl config file. I'm not really an expert with easy-rsa, as I think the suite of scripts is really lacking.
Code: Select all
openssl ca -revoke <cert> -config <config>
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN