Hello all,
I inherited an environment that has an OpenVPN server through which multiple clients connect to our backend. It currently has the following crl setting in the conf file:
crl-verify /path/to/dir dir
And in that /path/to/dir directory, there are empty files with numeric names (e.g. 407, 2894, etc.). It's my understanding these numbered files represent serial numbers of certificates that are revoked.
My question is: how do you find or view the serial numbers of the certificates that my OpenVPN server trusts? I want to add to this CRL revoke list. If the numeric files don't represent serial numbers of certificates, what are those numbers and what do they represent?
Thanks
CRL dir??
Moderators: TinCanTech
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CRL dir??
tku703@gmail.com wrote: ↑Sat Feb 22, 2020 3:02 pm
My question is how do you find or view what the serial numbers of the certificates that my openvpn server trusts

That would be the client certificates.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Feb 22, 2020 2:53 pm
Re: CRL dir??
How do I find those serial numbers?
clientA = 407
clientB = 2894
How to find this info out?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CRL dir??
TinCanTech wrote: ↑Sat Feb 22, 2020 6:59 pm
tku703@gmail.com wrote: ↑Sat Feb 22, 2020 3:02 pm
My question is how do you find or view what the serial numbers of the certificates that my openvpn server trusts
That would be the client certificates.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Feb 22, 2020 2:53 pm
Re: CRL dir??
Is there an openssl command to run on the OpenVPN server to view all serial numbers of all certificates?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CRL dir??
You don't seem to be getting this, you need the client certificate.
If all else fails then you can contact me privately: tincanteksup <at> gmail
tku703@gmail.com wrote: ↑Sat Feb 22, 2020 3:02 pm
I was inherited an environment that has an OpenVPN server that multiple clients connect to our backend

I suggest you contact whom-so-ever you inherited this from.
If all else fails then you can contact me privately: tincanteksup <at> gmail
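
Added example, not part of the thread and not OpenVPN project code: in `crl-verify ... dir` mode OpenVPN rejects a client when the decimal serial number of its certificate is the name of a file in the directory, while `openssl x509 -noout -serial` prints the serial in hex. The script below reads each client certificate, converts the serial, and reports whether a matching file exists. It assumes the issued client certificates are available as PEM `*.crt` files in one directory; the function names and the clientA/clientB sample are constructed for illustration.

```python
import subprocess
import sys
from pathlib import Path

# Constructed sample: `openssl x509 -noout -serial` output for two hypothetical
# client certificates whose serials match the file names quoted in the thread.
SAMPLE_OUTPUT = {"clientA.crt": "serial=0197\n", "clientB.crt": "serial=0B4E\n"}


def crl_dir_name(serial_line):
    """Turn openssl's hex 'serial=...' line into the decimal file name that
    OpenVPN looks for in the crl-verify directory."""
    label, _, hex_serial = serial_line.strip().partition("=")
    if label != "serial" or not hex_serial:
        raise ValueError(f"unexpected openssl output: {serial_line!r}")
    return str(int(hex_serial, 16))  # unbounded ints: 128-bit serials are fine


def cert_serial_line(cert_path):
    """Read the serial of one PEM certificate with the openssl CLI."""
    result = subprocess.run(
        ["openssl", "x509", "-in", str(cert_path), "-noout", "-serial"],
        check=True, capture_output=True, text=True)
    return result.stdout


def is_revoked(decimal_serial, crl_dir):
    """Dir mode only tests that the file exists; its contents are never read."""
    return (Path(crl_dir) / decimal_serial).is_file()


def report(cert_dir, crl_dir):
    """List (certificate file, decimal serial, revoked?) for every *.crt file.
    Assumption: the issued client certificates are kept as PEM *.crt files."""
    rows = []
    for cert in sorted(Path(cert_dir).glob("*.crt")):
        name = crl_dir_name(cert_serial_line(cert))
        rows.append((cert.name, name, is_revoked(name, crl_dir)))
    return rows


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <cert_dir> <crl_dir>
        for row in report(sys.argv[1], sys.argv[2]):
            print("%s\t%s\t%s" % (row[0], row[1], "REVOKED" if row[2] else "active"))
    else:  # no arguments: show the conversion on the constructed sample
        for cert_name, line in SAMPLE_OUTPUT.items():
            print(cert_name, "->", crl_dir_name(line))
```

Revoking another client in this mode means creating an empty file in the directory named with the decimal serial the script prints for that client's certificate.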