OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Revoking Certificates - certs not created on OpenVPN Server?

https://forums.openvpn.net/viewtopic.php?t=28095

Page 1 of 1

Revoking Certificates - certs not created on OpenVPN Server?

Posted: Thu Mar 21, 2019 3:34 pm
by AndyInNYC
I have an openwrt router running OpenVPN (it works fine).

I generated and store all my certificates on a Ubuntu server which is behind the router. I really don't want the router's space storing the certs nor it's slower processor creating them.

However, I'd like to be able to revoke certificates.

How can I do this?

Do I need to install easy-rsa on the router and regen all my certificates and start fresh?

Andrew

Re: Revoking Certificates - certs not created on OpenVPN Server?

Posted: Thu Mar 21, 2019 3:39 pm
by TinCanTech
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 I generated and store all my certificates on a Ubuntu server
Install easyrsa3 on that computer.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 I'd like to be able to revoke certificates
Then revoke certificates with easyrsa3 on the computer above.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 I have an openwrt router running OpenVPN
Copy the CRL file to this device.

Ensure your openvpn configuration has a CRL defined.
AndyInNYC wrote:
Thu Mar 21, 2019 3:34 pm
 Do I need to install easy-rsa on the router and regen all my certificates and start fresh?
No.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/