Revoke Certificate is not working

heinrickamador
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 18, 2017 10:47 pm

Revoke Certificate is not working

Post by heinrickamador » Tue Sep 19, 2017 2:29 am

Can someone help me? I'm doing a project with Wi-Fi EAP-TLS with freeRADIUS as a RADIUS server via Ubuntu Server 16.04.1.

I am already done creating the client CA using OpenVPN Easy-RSA, but when I try to use the revoke it is not working.
These are the commands that I used to revoke:

cd /etc/openvpn/easy-rsa/
source ./vars
./revoke-full Client1

This is configuration of /etc/openvpn/server.conf

;local a.b.c.d
port 1194
# TCP or UDP server?
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert radius.crt
key radius.key # This file should be kept secret
dh dh2048.pem
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
crl-verify crl.pem
;mute 20

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Revoke Certificate is not working

Post by TinCanTech » Tue Sep 19, 2017 11:44 am

Did you update the crl.pem file which the server reads?

heinrickamador
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 18, 2017 10:47 pm

Re: Revoke Certificate is not working

Post by heinrickamador » Wed Sep 20, 2017 5:54 am

TinCanTech wrote:
Tue Sep 19, 2017 11:44 am
Did you update the crl.pem file which the server reads?

How do I update it?

heinrickamador
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 18, 2017 10:47 pm

Revoke Certificate (CA) in Wireless is not working

Post by heinrickamador » Mon Sep 25, 2017 4:13 am

Hi, good day!

I set up 802.11x EAP-TLS for implementing Wi-Fi EAP-TLS.

I used freeRADIUS as my RADIUS server, and OpenVPN & Easy-RSA for generating the Certificate Authority (CA).
Generating server and client keys is working, and connecting to Wi-Fi using EAP-TLS is working too.

I tested the client certificate (Client1.p12) on my laptop and it connected. But when I revoke it using ./revoke-full Client1, the laptop can still connect to the Wi-Fi even though I removed and then added the certificate again.

I checked index.txt, and it says the certificate was revoked, since there is a letter R when I check the details using the "cat index.txt" command.
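
Added example (not part of the thread, and not code from Easy-RSA, OpenVPN or freeRADIUS): a shell check relating the two things the posts mention, the R flag in index.txt and the crl.pem file the server reads. It lists serials that index.txt marks revoked but that are absent from a text dump of the CRL; the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Dump the CRL to text first (crl.pem = whichever file the server reads):
#   openssl crl -in crl.pem -noout -text > crl.txt

# Serials flagged "R" in an OpenSSL CA database (tab-separated index.txt;
# field 1 is the status flag, field 4 is the hex serial).
revoked_in_index() {
    awk -F'\t' '$1 == "R" { print toupper($4) }' "$1" | sort -u
}

# Serials listed as revoked in the text dump of a CRL.
revoked_in_crl() {
    awk '/Serial Number:/ { print toupper($3) }' "$1" | sort -u
}

# Print serials revoked in index.txt but missing from the CRL dump.
# Returns 1 if any are missing, 0 if the CRL covers all of them.
missing_from_crl() {
    tmp=$(mktemp -d) || return 2
    revoked_in_index "$1" > "$tmp/idx"
    revoked_in_crl "$2" > "$tmp/crl"
    missing=$(comm -23 "$tmp/idx" "$tmp/crl")
    rm -rf "$tmp"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample data: serial 02 (Client1) is revoked in index.txt.
# stale.txt is a CRL dump with no entries; fresh.txt lists serial 02.
demo() {
    d=$(mktemp -d) || return 2
    printf 'V\t270916000000Z\t\t01\tunknown\t/CN=radius\n' > "$d/index.txt"
    printf 'R\t270916000000Z\t170919000000Z\t02\tunknown\t/CN=Client1\n' >> "$d/index.txt"
    printf 'No Revoked Certificates.\n' > "$d/stale.txt"
    printf 'Revoked Certificates:\n    Serial Number: 02\n' > "$d/fresh.txt"
    echo "stale CRL, missing serials: $(missing_from_crl "$d/index.txt" "$d/stale.txt")"
    echo "fresh CRL, missing serials: $(missing_from_crl "$d/index.txt" "$d/fresh.txt")"
    rm -rf "$d"
}
demo
```

A serial printed by `missing_from_crl` means the CRL file that was dumped does not yet contain a revocation that index.txt records.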
