I have an openwrt router running OpenVPN (it works fine).
I generated and store all my certificates on a Ubuntu server which is behind the router. I really don't want the router's space storing the certs nor it's slower processor creating them.
However, I'd like to be able to revoke certificates.
How can I do this?
Do I need to install easy-rsa on the router and regen all my certificates and start fresh?
Scripts to manage certificates or generate config files
2 posts • Page 1 of 1
- OpenVpn Newbie
- Posts: 11
- Joined: Wed Jun 20, 2012 4:02 pm
- OpenVPN Protagonist
- Posts: 7936
- Joined: Fri Jun 03, 2016 1:17 pm
Install easyrsa3 on that computer.
Then revoke certificates with easyrsa3 on the computer above.
Copy the CRL file to this device.
Ensure your openvpn configuration has a CRL defined.