How can I revoke a cert with a conflicting serial number?

Scripts to manage certificates or generate config files

Moderators: TinCanTech

alohaaaron
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 23, 2015 10:26 pm

How can I revoke a cert with a conflicting serial number?

Post by alohaaaron » Fri Sep 03, 2021 3:12 pm

Hi, I have two servers. I've revoked a cert (serial #8) on Server A, and I want to revoke it, or at least prevent the user from logging in, on Server B, but the cert doesn't exist.
* Can I copy the revoke statement from the index file on Server A and put it in the index file of Server B to revoke it?
* I have an existing valid entry on Server B that is using serial #8 but it has a different CN than the one I want to revoke. Will adding the revoke entry cause an issue with this other entry?
* If it will cause an issue, can I change the serial number on the revoke statement and the serial number in the serial file to be greater values that don't conflict?
* Would it be a better solution to copy the pem and cert files to Server B and issue a revoke-all from there? The pem file would be 08.pem, though, unless I can change that if necessary?

Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How can I revoke a cert with a conflicting serial number?

Post by TinCanTech » Sun Sep 05, 2021 9:47 pm

By the sound of it, you don't understand how a PKI works, you are in a mess and you want a quick fix.

I'll assume this is for work and offer my service: tincantech at protonmail dot com (Fees will apply)
