Unrevoking a revoked certificate
Posted: Tue Nov 11, 2014 10:06 pm
For testing purposes:
I have 4 client certificates named "client1" to "client4" and a test-client certificate named "revoke".
Using a VU+ Solo2 (enigma2 / Dreambox style) I'm running an OpenVPN server with a crl.pem-file.
When I first generated the crl.pem-file I used the "revoke"-certificate and generated the crl-file using
the script from "easy-rsa" called "revoke-full":
/revoke-full revoke
Then the crl.pem-file contained information about the "revoke"-certificate and I was no longer able to
use this certificate to connect to my OpenVPN-server.
So I added the "client1"-certificate to the CRL-file using "/revoke-full client1" and I was unable to use
both the "revoke" and "client1" to connect to my OpenVPN.
But then I wonder if I could make the "client1" certificate valid again by deleting the "crl.pem"-file and
issuing the "/revoke-full revoke" command generating a new "crl.pem". In theory this would mean that
the "client1"-certificate would be valid again. But even if I stop and start the OpenVPN-server I'm not
able to connect using the "client1"-certificate. (The "revoke"-certificate does not work either - of course..)
Is there something I have been missing?
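
An added example, not part of the original post: in easy-rsa 2.x, `revoke-full` records each revocation in the CA database (`index.txt` in the key directory) and regenerates `crl.pem` from that database, so deleting `crl.pem` alone does not drop "client1" from the next CRL. The sketch below parses a constructed `index.txt` sample and lists the entries still marked revoked; the sample data and the function names are assumptions.

```python
"""List the certificates an OpenSSL CA database (index.txt) marks as revoked."""
from dataclasses import dataclass

# Constructed sample in OpenSSL's index.txt layout (tab-separated):
# status, expiry, revocation date[,reason], serial, filename, subject DN.
SAMPLE_INDEX = "\n".join([
    "V\t241108200000Z\t\t01\tunknown\t/C=NO/O=Example/CN=server",
    "R\t241108200100Z\t141111200500Z\t02\tunknown\t/C=NO/O=Example/CN=revoke",
    "R\t241108200200Z\t141111201000Z\t03\tunknown\t/C=NO/O=Example/CN=client1",
    "V\t241108200300Z\t\t04\tunknown\t/C=NO/O=Example/CN=client2",
])

@dataclass
class Entry:
    status: str       # V = valid, R = revoked, E = expired
    serial: str       # hex serial number, upper-cased
    revoked_at: str   # empty unless status is R
    common_name: str

def parse_index(text):
    """Parse index.txt content into Entry records."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"unexpected index line: {line!r}")
        status, _expiry, revoked, serial, _filename, subject = fields
        # The revocation field may carry ",reason" after the timestamp.
        revoked_at = revoked.split(",", 1)[0]
        # Take the CN component of the subject DN, if present.
        cn = next((p[3:] for p in subject.split("/") if p.startswith("CN=")), subject)
        entries.append(Entry(status, serial.upper(), revoked_at, cn))
    return entries

def revoked_names(text):
    """Common names of the entries a CRL built from this database would cover."""
    return [e.common_name for e in parse_index(text) if e.status == "R"]

if __name__ == "__main__":
    for e in parse_index(SAMPLE_INDEX):
        if e.status == "R":
            print(f"serial {e.serial} CN={e.common_name} revoked {e.revoked_at}")
```

The serials actually present in a generated CRL can be compared against this list with `openssl crl -in crl.pem -noout -text`.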