CRL dir??

Scripts to manage certificates or generate config files
Post Reply
tku703@gmail.com
OpenVpn Newbie
Posts: 4
Joined: Sat Feb 22, 2020 2:53 pm

CRL dir??

Post by tku703@gmail.com » Sat Feb 22, 2020 3:02 pm

Hello all,

I was inherited an environment that has an OpenVPN server that multiple clients connect to our backend. It currently has the following crl setting in the conf file:

crl-verify /path/to/dir dir

And in that /path/to/dir directory, there are empty files with numeric names, (e.g. 407, 2894, etc...). Its my understanding these number files represent serial numbers of certificates that are revoked.

My question is how do you find or view what the serial numbers of the certificates that my openvpn server trusts. I want to add to this crl revoke list. If the numeric files doesn't represent serial numbers of certificates, what are those numbers and what do they represent.

Thanks

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7319
Joined: Fri Jun 03, 2016 1:17 pm

Re: CRL dir??

Post by TinCanTech » Sat Feb 22, 2020 6:59 pm

tku703@gmail.com wrote:
Sat Feb 22, 2020 3:02 pm
My question is how do you find or view what the serial numbers of the certificates that my openvpn server trusts
That would be the client certificates.

tku703@gmail.com
OpenVpn Newbie
Posts: 4
Joined: Sat Feb 22, 2020 2:53 pm

Re: CRL dir??

Post by tku703@gmail.com » Sat Feb 22, 2020 7:24 pm

how do i find those serial numbers?

clientA = 407
clientB = 2894

How to find this info out?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7319
Joined: Fri Jun 03, 2016 1:17 pm

Re: CRL dir??

Post by TinCanTech » Sat Feb 22, 2020 7:26 pm

TinCanTech wrote:
Sat Feb 22, 2020 6:59 pm
tku703@gmail.com wrote:
Sat Feb 22, 2020 3:02 pm
My question is how do you find or view what the serial numbers of the certificates that my openvpn server trusts
That would be the client certificates.

tku703@gmail.com
OpenVpn Newbie
Posts: 4
Joined: Sat Feb 22, 2020 2:53 pm

Re: CRL dir??

Post by tku703@gmail.com » Sun Feb 23, 2020 1:54 pm

is there a openssl command to run on the openvpn server to view all serial numbers of all certificates?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7319
Joined: Fri Jun 03, 2016 1:17 pm

Re: CRL dir??

Post by TinCanTech » Sun Feb 23, 2020 5:01 pm

You don't seem to be getting this, you need the client certificate.
tku703@gmail.com wrote:
Sat Feb 22, 2020 3:02 pm
I was inherited an environment that has an OpenVPN server that multiple clients connect to our backend
I suggest you contact whom-so-ever you inherited this from.

If all else fails then you can contact me privately: tincanteksup <at> gmail

Post Reply