
OpenVPN Cookbook - Second Edition by Jan Just Keijser


Revoking certificates

A common task when managing a PKI is to revoke certificates that are no longer needed or that have been compromised. This recipe demonstrates how certificates can be revoked using the easy-rsa script and how OpenVPN can be configured to make use of a Certificate Revocation List (CRL).

Getting ready

Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. This recipe was performed on a computer running CentOS 6 Linux, but it can easily be run on Windows or Mac OS.

How to do it...

  1. First, we generate a certificate:
    $ cd /etc/openvpn/cookbook
    $ . ./vars
    $ ./build-key client4
    [...]
    
  2. Then, we immediately revoke it:
    $ ./revoke-full client4
    Using configuration from /etc/openvpn/cookbook/openssl- ...
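
The generate-then-revoke sequence from steps 1 and 2, reproduced with plain `openssl` against a throwaway CA, as an added example that is not code from the book or from easy-rsa. The CA configuration, the `Demo CA` name, the temporary directory and the helper functions `crl_verdict` and `revoke_demo` are assumptions made for the illustration; only the `client4` name comes from the recipe.

```shell
# Added example: throwaway CA in a temp dir, driven with plain openssl.
# Every name below is constructed; this is not the easy-rsa script itself.
crl_verdict() {  # CRL-check verdict for client4.crt: valid, revoked or error
    out=$(openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem client4.crt 2>&1) || true
    case $out in
        *'certificate revoked'*) echo revoked ;;
        *'client4.crt: OK'*)     echo valid ;;
        *)                       echo error ;;
    esac
}

revoke_demo() (
    set -e
    work=$(mktemp -d) && cd "$work"
    exec 3>&1 >/dev/null 2>&1      # fd 3 carries the result, openssl chatter is dropped
    : > index.txt; echo 01 > serial; mkdir newcerts   # empty CA database
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -days 30 -subj '/CN=Demo CA' -keyout ca.key -out ca.crt
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj '/CN=client4' -keyout client4.key -out client4.csr
    openssl ca -batch -config ca.cnf -notext -in client4.csr -out client4.crt
    openssl ca -config ca.cnf -gencrl -out crl.pem      # CRL with no entries yet
    before=$(crl_verdict)
    openssl ca -config ca.cnf -revoke client4.crt       # mark the serial revoked in index.txt
    openssl ca -config ca.cnf -gencrl -out crl.pem      # reissue the CRL so it lists that serial
    after=$(crl_verdict)
    cd / && rm -rf "$work"
    echo "before=$before after=$after" >&3
)
revoke_demo   # prints: before=valid after=revoked
```

The revocation only takes effect for a verifier once the CRL has been regenerated and handed to it; an OpenVPN server performs the same check on connecting clients when its `crl-verify` directive points at the CRL file.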
