I am a openvpn newbie. Now I want to revoke the openvpn user certifications. And I do the following steps,
1> run the command #source ./vars
2>run the command #./revoke-full client01
3>run the command #cp crl.pem /etc/openvpn
4>add the content crl-verify crl.pem into server.conf
5>restart the openvpn service
At the beginning, I revoked 2 certifications successfully. Yet when I tried to remove one more certifications, failed.The revoked certifications still connected normally.I checked the index.txt and found the signal of the revoked certifcations have changed "R".
Pls help me solve the problem ,tks a lot!
why I cant revoke the user certification ?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed May 04, 2011 9:46 am
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: why I cant revoke the user certification ?
perhaps the generation of the CRL failed; run
to get information about the revoked certs in the CRL file; if the cilent you want revoked is missing, regenerate the CRL using
Code: Select all
openssl crl -text -noout -in crl.pem
Code: Select all
openssl ca -gencrl -out crl.pem
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed May 04, 2011 9:46 am
Re: why I cant revoke the user certification ?
janjust, thanks for you reply. I checked the index.txt and found the problem.
The revoked unsuccessfully certification was built twice.So when I revoked the certification, I just revoked one of them successfully,and still left one same certification.That's why some certifications could be revoked and some couldn't.
Can u tell me how to revoke all the certifications manually or in other way?
The revoked unsuccessfully certification was built twice.So when I revoked the certification, I just revoked one of them successfully,and still left one same certification.That's why some certifications could be revoked and some couldn't.
Can u tell me how to revoke all the certifications manually or in other way?