Revoking Certificates - certs not created on OpenVPN Server?

Scripts to manage certificates or generate config files
Post Reply
AndyInNYC
OpenVPN User
Posts: 11
Joined: Wed Jun 20, 2012 4:02 pm

Revoking Certificates - certs not created on OpenVPN Server?

Post by AndyInNYC » Thu Mar 21, 2019 3:34 pm

I have an openwrt router running OpenVPN (it works fine).

I generated and store all my certificates on a Ubuntu server which is behind the router. I really don't want the router's space storing the certs nor it's slower processor creating them.

However, I'd like to be able to revoke certificates.

How can I do this?

Do I need to install easy-rsa on the router and regen all my certificates and start fresh?

Andrew

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5783
Joined: Fri Jun 03, 2016 1:17 pm

Re: Revoking Certificates - certs not created on OpenVPN Server?

Post by TinCanTech » Thu Mar 21, 2019 3:39 pm

AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
I generated and store all my certificates on a Ubuntu server
Install easyrsa3 on that computer.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
I'd like to be able to revoke certificates
Then revoke certificates with easyrsa3 on the computer above.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
I have an openwrt router running OpenVPN
Copy the CRL file to this device.

Ensure your openvpn configuration has a CRL defined.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
Do I need to install easy-rsa on the router and regen all my certificates and start fresh?
No.

Post Reply