However, I am not experienced and would like som help...
I added this cert this way:
Code: Select all
./easyrsa.real build-client-full TestUser
Code: Select all
./easyrsa.real revoke TestUser
Code: Select all
root@openvpn_1:/usr/local/etc/openvpn/easy-rsa # ./easyrsa.real revoke TestUser
Note: using Easy-RSA configuration from: ./vars
Please confirm you wish to revoke the certificate with the following subject:
subject=
commonName = TestUser
Type the word 'yes' to continue, or any other input to abort.
Continue with revocation: yes
Using configuration from /usr/local/etc/openvpn/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /usr/local/etc/openvpn/easy-rsa/pki/private/ca.key:
Revoking Certificate 08.
Data Base Updated
IMPORTANT!!!
Revocation was successful. You must run gen-crl and upload a CRL to your
infrastructure in order to prevent the revoked cert from being accepted.
I understand I need a CRL setup to prevent revoked certs from connecting. But how do I set that up?