Cleaning out old client certificates
Posted: Wed Mar 28, 2018 4:37 pm
I am running a private OpenVPN server (easy-RSA 3), and am trying to write my own web gui to manage it (with NodeJS).
In the process, I´ve added and revoked a bunch of client certs. Revocation works fine, none of the revoked clients can connect.
But since there are so many, and the names are along the lines of TestUser8 and RevokeThisUser14, I would like to completely delete them.
I know that I can delete certain files to be able to create a new cert wih the same name, but I´d like to remove them completely.
The index.txt file that contains all of them would be nicer to look at and manage if it were shorter. However, I do not want any revoked cert to be able to connect (obviously).
Can this be done? And if so, how?
If yes, will deleting also free up the IP address associated with deleted cert?
If no, is there a way to free up the IP addresses that are revoked and/or not in use by any valid cert so I can use them again?
In the process, I´ve added and revoked a bunch of client certs. Revocation works fine, none of the revoked clients can connect.
But since there are so many, and the names are along the lines of TestUser8 and RevokeThisUser14, I would like to completely delete them.
I know that I can delete certain files to be able to create a new cert wih the same name, but I´d like to remove them completely.
The index.txt file that contains all of them would be nicer to look at and manage if it were shorter. However, I do not want any revoked cert to be able to connect (obviously).
Can this be done? And if so, how?
If yes, will deleting also free up the IP address associated with deleted cert?
If no, is there a way to free up the IP addresses that are revoked and/or not in use by any valid cert so I can use them again?