Closed cemo closed 7 years ago
If you used easyrsa to setup your PKI, use easyrsa to revoke the client:
docker run --user=$(id -u) -e OVPN_SERVER_URL=tcp://vpn.my.fqdn:1194 -v $PWD:/etc/openvpn -ti ptlange/openvpn easyrsa revoke <CN>
Then, update the CRL with:
./kube/update-crl.sh <namespace> [#days the CRL is valid]
Leaving this issue open until i documented this properly.
@pieterlange thanks for your information. I am new to vpn land and trying to understand how things are working.
I have just understood that CRL is certification revocation list. I did not notice that file before. :) I thought all commands are running locally and how revocation would work without updating server. Now it is clear. Thank you.
Docs added in 0309c4f7375d456a33b42f2bdd1623b46f3a5033
What is the best way to revoking client certificates?