why I cant revoke the user certification ?

zzwindtree · Post by **zzwindtree** » Wed May 04, 2011 9:57 am

I am a openvpn newbie. Now I want to revoke the openvpn user certifications. And I do the following steps,
1> run the command #source ./vars
2>run the command #./revoke-full client01
3>run the command #cp crl.pem /etc/openvpn
4>add the content crl-verify crl.pem into server.conf
5>restart the openvpn service
At the beginning, I revoked 2 certifications successfully. Yet when I tried to remove one more certifications, failed.The revoked certifications still connected normally.I checked the index.txt and found the signal of the revoked certifcations have changed "R".
Pls help me solve the problem ,tks a lot!

Post by **janjust** » Wed May 04, 2011 1:05 pm

perhaps the generation of the CRL failed; run

Code: Select all

openssl crl -text -noout -in crl.pem

to get information about the revoked certs in the CRL file; if the cilent you want revoked is missing, regenerate the CRL using

Code: Select all

openssl ca -gencrl -out crl.pem

zzwindtree · Post by **zzwindtree** » Thu May 05, 2011 1:11 am

janjust, thanks for you reply. I checked the index.txt and found the problem.

The revoked unsuccessfully certification was built twice.So when I revoked the certification, I just revoked one of them successfully,and still left one same certification.That's why some certifications could be revoked and some couldn't.

Can u tell me how to revoke all the certifications manually or in other way?

OpenVPN Support Forum

why I cant revoke the user certification ?

why I cant revoke the user certification ?

Re: why I cant revoke the user certification ?

Re: why I cant revoke the user certification ?