Revoking a user without a .crt

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
macaodh
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 06, 2022 12:09 pm

Revoking a user without a .crt

Post by macaodh » Wed Jul 06, 2022 12:27 pm

Hi folks

I've come into possession of an openvpn server which needs quite a bit of tending to. One of the issues is that they've been deleting the .crt files from old users as a way to block access - untested of course... As it didn't work...

Is there a way of regenerating the certs or revoking access without the .crt file per chance?

Code: Select all

[xxx]# ./easyrsa revoke yyy

Easy-RSA error:

Unable to revoke as the input file is not a valid certificate. Unexpected
input in file: /etc/openvpn/easy-rsa/pki/issued/yyy.crt

TinCanTech
OpenVPN Protagonist
Posts: 11138
Joined: Fri Jun 03, 2016 1:17 pm

Re: Revoking a user without a .crt

Post by TinCanTech » Wed Jul 06, 2022 12:58 pm

macaodh wrote:
Wed Jul 06, 2022 12:27 pm
Is there a way of regenerating the certs or revoking access without the .crt file per chance?
My mind boggles .. in a word "no".

Please see:
viewtopic.php?t=22603

macaodh
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 06, 2022 12:09 pm

Re: Revoking a user without a .crt

Post by macaodh » Wed Jul 06, 2022 9:09 pm

Ah.. well thank you regardless. I'll have to think of another way.

TinCanTech
OpenVPN Protagonist
Posts: 11138
Joined: Fri Jun 03, 2016 1:17 pm

Re: Revoking a user without a .crt

Post by TinCanTech » Thu Jul 07, 2022 12:13 am

You can capture the client certificate at the server with --tls-export-cert

Post Reply