A common task when managing a PKI is to revoke certificates that are no longer needed or that have been compromised. This recipe demonstrates how certificates can be revoked using the easy-rsa script and how OpenVPN can be configured to make use of a Certificate Revocation List (CRL).
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. This recipe was performed on a computer running CentOS 6 Linux, but it can easily be run on Windows or Mac OS.
$ cd /etc/openvpn/cookbook
$ . ./vars
$ ./build-key client4
[...]
$ ./revoke-full client4
Using configuration from /etc/openvpn/cookbook/openssl- ...
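The following is an added example, not part of the original recipe or of easy-rsa: it builds a throwaway CA in a temporary directory and shows a certificate passing CRL-checked verification until it is revoked and a new CRL is generated. The helper names (demo_ca, demo_pki, is_revoked), file names and subjects are constructed for the demo, and nothing under /etc/openvpn/cookbook is touched.

```shell
# Added example; every helper name, subject and file name below is constructed.
# demo_ca DIR ARGS...: run "openssl ca" against the throwaway CA kept in DIR.
demo_ca() {
    d=$1; shift
    ( cd "$d" && openssl ca -batch -config ca.cnf -cert ca.crt -keyfile ca.key "$@" >/dev/null 2>&1 )
}
# demo_pki DIR: create the CA, issue client4.crt and publish an empty CRL.
demo_pki() {
    cat > "$1/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
EOF
    ( cd "$1" && : > index.txt && echo 01 > serial &&
      openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
          -subj "/CN=Demo CA" -keyout ca.key -out ca.crt -days 30 &&
      openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
          -subj "/CN=client4" -keyout client4.key -out client4.csr ) >/dev/null 2>&1 &&
    demo_ca "$1" -in client4.csr -out client4.crt &&
    demo_ca "$1" -gencrl -out crl.pem
}
# is_revoked CA_CERT CRL CERT: exit 0 only if verification fails as "revoked".
is_revoked() {
    bundle=$(mktemp) || return 2
    cat "$1" "$2" > "$bundle"     # CA certificate and CRL together as -CAfile
    out=$(openssl verify -CAfile "$bundle" -crl_check "$3" 2>&1) || true
    rm -f "$bundle"
    printf '%s\n' "$out" | grep -q 'certificate revoked'
}

work=$(mktemp -d) && demo_pki "$work" || exit 1
set -- "$work/ca.crt" "$work/crl.pem" "$work/client4.crt"
is_revoked "$@" || echo "before revoke: verification passes"
demo_ca "$work" -revoke client4.crt && demo_ca "$work" -gencrl -out crl.pem
is_revoked "$@" && echo "after revoke: certificate revoked"
rm -rf "$work"
```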