I have an openwrt router running OpenVPN (it works fine).
I generated and store all my certificates on a Ubuntu server which is behind the router. I really don't want the router's space storing the certs nor it's slower processor creating them.
However, I'd like to be able to revoke certificates.
How can I do this?
Do I need to install easy-rsa on the router and regen all my certificates and start fresh?
Andrew
Revoking Certificates - certs not created on OpenVPN Server?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 11
- Joined: Wed Jun 20, 2012 4:02 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Revoking Certificates - certs not created on OpenVPN Server?
Install easyrsa3 on that computer.
Then revoke certificates with easyrsa3 on the computer above.
Copy the CRL file to this device.
Ensure your openvpn configuration has a CRL defined.
No.