pieterlange / kube-openvpn

🔐 Kubernetes native OpenVPN
MIT License

Revoking Client #30

Closed cemo closed 7 years ago

cemo commented 7 years ago

What is the best way to revoke client certificates?

pieterlange commented 7 years ago

If you used easyrsa to set up your PKI, use easyrsa to revoke the client:

docker run --user=$(id -u) -e OVPN_SERVER_URL=tcp://vpn.my.fqdn:1194 -v $PWD:/etc/openvpn -ti ptlange/openvpn easyrsa revoke <CN>

Then, update the CRL with: ./kube/update-crl.sh <namespace> [#days the CRL is valid]

Leaving this issue open until I have documented this properly.

cemo commented 7 years ago

@pieterlange thanks for your information. I am new to VPN land and trying to understand how things are working.

I have just understood that CRL is the certification revocation list. I did not notice that file before. :) I thought all commands were running locally and wondered how revocation would work without updating the server. Now it is clear. Thank you.

pieterlange commented 7 years ago

Docs added in 0309c4f7375d456a33b42f2bdd1623b46f3a5033
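
The two steps discussed in this thread (revoke, then update the CRL), shown as an added example that is not part of the original issue or of the kube-openvpn project: it uses plain `openssl` on a throwaway CA in place of easyrsa and `update-crl.sh`, to show that a revoked certificate still verifies until the CRL the verifier reads is regenerated. All file names, function names and the CN `client1` are constructed for illustration.

```shell
# Constructed throwaway PKI; every file name, CN and function name is illustrative.
make_test_pki() {            # $1 = work dir, $2 = client CN
  d=$1; mkdir -p "$d/newcerts"; : > "$d/index.txt"; echo 01 > "$d/serial"
  cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d/newcerts
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1 &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$2" \
    -keyout "$d/$2.key" -out "$d/$2.csr" >/dev/null 2>&1 &&
  openssl ca -batch -notext -config "$d/ca.cnf" -in "$d/$2.csr" \
    -out "$d/$2.crt" >/dev/null 2>&1 && regen_crl "$d"
}
# Revoke step: only marks the entry in the CA's index.txt.
revoke_client() { openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" >/dev/null 2>&1; }
# CRL update step: re-signs the list that the verifier actually reads.
regen_crl() { openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" >/dev/null 2>&1; }
cert_is_revoked() {          # true only if the current crl.pem lists the cert
  openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" \
    "$1/$2.crt" 2>&1 | grep -q "certificate revoked"
}
demo() {
  w=$(mktemp -d) && make_test_pki "$w" client1 || return 1
  cert_is_revoked "$w" client1 && s1=revoked || s1=valid
  revoke_client "$w" client1
  cert_is_revoked "$w" client1 && s2=revoked || s2=valid
  regen_crl "$w"
  cert_is_revoked "$w" client1 && s3=revoked || s3=valid
  rm -rf "$w"; echo "issued=$s1 after-revoke=$s2 after-crl-update=$s3"
}
demo
```

The middle state is the one to watch for in practice: the CA's database records the revocation, but anything still checking against the old CRL keeps accepting the client.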