Revoking Certificates - certs not created on OpenVPN Server?

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
AndyInNYC
OpenVpn Newbie
Posts: 11
Joined: Wed Jun 20, 2012 4:02 pm

Revoking Certificates - certs not created on OpenVPN Server?

Post by AndyInNYC » Thu Mar 21, 2019 3:34 pm

I have an openwrt router running OpenVPN (it works fine).

I generated and store all my certificates on a Ubuntu server which is behind the router. I really don't want the router's space storing the certs nor it's slower processor creating them.

However, I'd like to be able to revoke certificates.

How can I do this?

Do I need to install easy-rsa on the router and regen all my certificates and start fresh?

Andrew
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Revoking Certificates - certs not created on OpenVPN Server?

Post by TinCanTech » Thu Mar 21, 2019 3:39 pm

AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 I generated and store all my certificates on a Ubuntu server
Install easyrsa3 on that computer.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 I'd like to be able to revoke certificates
Then revoke certificates with easyrsa3 on the computer above.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 I have an openwrt router running OpenVPN
Copy the CRL file to this device.

Ensure your openvpn configuration has a CRL defined.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 Do I need to install easy-rsa on the router and regen all my certificates and start fresh?
No.
Top
Post Reply

Return to “Cert / Config management”