revoking a certificate
Posted: Fri May 08, 2009 2:19 pm
by ksukat
Greetings,
I have inherited a VPN server running openvpn 2.0. I have visited the openvpn.net site, and tried to do ./revoke-full but got an error about KEY_DIR not set. When reading, there were some stiff cautions regarding setting it incorrectly, as things get deleted.
So, how do I do this? I will get on top of this, but have an immediate need to revoke a certificate.
Any help greatly appreciated.
thanks.
Re: revoking a certificate
Posted: Sat May 09, 2009 12:10 pm
by ksukat
Solution: you must run . ./var prior to doing the revoke-full. . ./var (there is a space between the periods) sets the environment variable KEY_DIR.
Now, if I can figure out where to put the crl-verify crl.pem statement.
Re: revoking a certificate
Posted: Wed Jun 03, 2009 10:53 am
by dipeshmehta
Hello,
I am trying to revoke a certificate as guided at http://openvpn.net/index.php/documen...to.html#revoke but am not getting through. I get the following output:
root@server1:/usr/share/doc/openvpn/examples/easy-rsa/2.0# ./revoke-full user1
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf'
32288:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf'
32289:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
cat: crl.pem: No such file or directory
user1.crt: /C=IN/ST=GJ/L=RJ/O=ABC/OU=MKT/CN=USER1/emailAddress=USER1@DOMAIN.COM
error 3 at 0 depth lookup:unable to get certificate CRL
Can anybody please help me?
Dipesh
Re: revoking a certificate
Posted: Fri Jun 05, 2009 4:18 am
by dipeshmehta
*** BUMP ***
Re: revoking a certificate
Posted: Fri Jun 05, 2009 7:16 pm
by ecrist
You can try running the following command to generate the CRL, and revoking the certificate, manually:
openssl ca -revoke <cert> -config <config>
Replace <cert> above with the path to your CA certificate, and replace <config> with your openssl config file. I'm not really an expert with easy-rsa, as I think the suite of scripts is really lacking.
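
The revoke, generate-CRL and verify sequence discussed in this thread, as an added example that is not part of any post above and is not easy-rsa's own code. It builds a throwaway CA in a temp directory (the names Demo CA, user1 and ca.cnf are constructed) and shows that `-crl_check` with no CRL present gives the same error 3 seen in the output earlier in the thread, while a revoked certificate checked against a fresh CRL gives error 23 (certificate revoked).

```shell
#!/bin/sh
# Added example: throwaway CA in a temp directory. Every name here
# (Demo CA, user1, ca.cnf) is constructed and not taken from the thread.
revocation_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        mkdir newcerts; : > index.txt; echo 01 > serial
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = CA:true
EOF
        q() { "$@" >/dev/null 2>&1; }   # run a command quietly
        # Extract the numeric verify error from openssl's output
        code() { sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1; }
        q openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=Demo CA" -days 30 -keyout ca.key -out ca.crt || exit 1
        q openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=user1" -keyout user1.key -out user1.csr || exit 1
        q openssl ca -batch -notext -config ca.cnf -in user1.csr -out user1.crt || exit 1
        # 1. CRL checking requested but no CRL exists yet: error 3
        before=$(openssl verify -CAfile ca.crt -crl_check user1.crt 2>&1 | code)
        # 2. Mark the client certificate revoked in the CA database
        q openssl ca -config ca.cnf -revoke user1.crt || exit 1
        # 3. Publish a new CRL; revocation has no effect until this is regenerated
        q openssl ca -config ca.cnf -gencrl -out crl.pem || exit 1
        # 4. Verify against the CRL: error 23 (certificate revoked)
        after=$(openssl verify -CAfile ca.crt -CRLfile crl.pem -crl_check user1.crt 2>&1 | code)
        echo "no_crl=$before with_crl=$after"
    )
    rc=$?; rm -rf "$dir"; return $rc
}
revocation_demo
```

On the server side, the regenerated crl.pem is the file that OpenVPN's `crl-verify` directive points at.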