Question about revoke procedure

Scripts to manage certificates or generate config files
Post Reply
yukih
OpenVpn Newbie
Posts: 2
Joined: Mon Jul 13, 2020 5:34 am

Question about revoke procedure

Post by yukih » Mon Jul 13, 2020 5:43 am

Hi,

I have an OpenVPN server installed and running on FreeBSD.

FreeBSD version : 12.1
OpenVPN version : 2.4.8

The revoke process creates crl.pem, but copy this file to a location where openvpn can access it.
Then, it is natural that the client PC that is the target of revoke cannot newly connect to the OpenVPN server.
However, the client PC that is not the target of revoke cannot connect to the OpenVPN server newly.
There was a message "CRL: cannot read: crl.pem" in the log.

At this time, if the OpenVPN daemon is restarted, client PCs that are not the target of revoke can newly connect to the OpenVPN server.

Is this as expected?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: Question about revoke procedure

Post by TinCanTech » Mon Jul 13, 2020 1:50 pm

yukih wrote:
Mon Jul 13, 2020 5:43 am
There was a message "CRL: cannot read: crl.pem" in the log
Then you should find out why the file cannot be read ..

viewtopic.php?f=30&t=22603#p68963

yukih
OpenVpn Newbie
Posts: 2
Joined: Mon Jul 13, 2020 5:34 am

Re: Question about revoke procedure

Post by yukih » Tue Jul 14, 2020 2:37 am

It did not have read permission on the crl.pem file.
Granting read permission solved the problem.

Post Reply