1

How to revoke OpenVPN client certificate in Debian

view story
linux-howto

http://serverfault.com – I used the easy-rsa/2.0 programs to build server and client certificates for OpenVPN. I copied the client ones to the clients along with ca.crt. All good. I now need to revoke a client certificate from a stolen laptop. In /usr/share/doc/openvpn/examples/easy-rsa/2.0 there's a revoke script. I've run this successfully and it says "Data Base Updated". It's created some files in a subdir of the examples/doc folder. I've copied the created crl.pem to /etc/openvpn/crl.pem and I've added crl-verify /etc/openvpn/crl.pem to server.conf. Is there any way I can verify that I've done the right thing (HowTos)