
Revoke-full Error 23

Revoking unneeded certificates

27 February 2013

OpenVPN is great: it allows for easy access in a secure way. But how do you keep it secure? I mean, what if someone leaves your company? Do you disable access to the OpenVPN server? You should! In this blog I'll show you how to do it.

A feature called revoking exists in OpenVPN. Revoking a certificate means invalidating a previously signed certificate so that it can no longer be used for authentication purposes. For this to work, we need to tell the OpenVPN server which certificates are no longer valid. All connecting clients will then have their client certificates verified against the so-called CRL (Certificate Revocation List). Any positive match will result in the connection being dropped. Your former employees will no longer have access, even if they still have their certificates.

Creating a certificate to test with

Before we start, let's generate a dummy certificate for testing purposes:

    cd /etc/openvpn/easy-rsa/2.0/
    . ./vars
    ./build-key unwanted-client-name

Verify you can connect to the OpenVPN server using this certificate. Refer to my earlier post for more info. Now that this works, I'll show you how to revoke this certificate so you will no longer be able to connect.

Revoking a certificate

To revoke a certificate, we'll use the 'easy-rsa' toolset.

    cd /etc/openvpn/easy-rsa/2.0

If it's not there, look at the OpenVPN examples and copy it:

    cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn
    cd /etc/openvpn/easy-rsa/2.0

Run this command to revoke the certificate called 'unwanted-client-name':

    ./revoke-full unwanted-client-name

You should see output similar to this:

    Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
    Revoking Certificate 03.
    Data Base Updated
    Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
    unwanted-client-name.crt: C = NL, ST = ZH, L = City, O = Name, OU = pi.example.org, CN = unwanted-client-name, name = unwanted-client-name], emailAddress = openvpn@example.org
    error 23 at 0 depth lookup:certificate revoked

Note the "error 23" in the last line. That is what you want to see, as it indicates that a certificate verification of the revoked certificate failed.

The index.txt file on key

Date: Sat, 09 Jul 2005 21:56:01 +0530

    [root@centos easy-rsa]# ./revoke-full client4
    Using configuration from /etc/openvpn/openvpn-2.0/easy-rsa/openssl.cnf
    Revoking Certificate 06.
    Data Base Updated
    Using configuration from /etc/openvpn/openvpn-2.0/easy-rsa/openssl.cnf
    client4.crt: /C=IN/ST=KE/O=Vanilla/OU=Tech/CN=b5c5m3p219.srTachyon.com/emailAddress=sadique@xxxxxxxxxxxxxxxxxxx
    error 3 at 0 depth lookup:unable to get certificate CRL

This error message seems something different from the error message I expect; it should be

    error 23 at 0 depth lookup:certificate revoked

Any idea? I can't revoke this certificate.....

Thanks
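The two verification results quoted above, error 23 and error 3, can be reproduced offline with plain `openssl`. This is an added example, not part of the blog post or the mailing-list message and not the easy-rsa `revoke-full` script; the throwaway CA, its `ca.cnf` and the function names are constructed here, and it assumes an `openssl` binary that supports `verify -CRLfile`.

```shell
# Added example: throwaway CA in a temp dir; every name below is constructed.
setup_demo_ca() {
    DEMO=$(mktemp -d) && cd "$DEMO" || return 1
    mkdir newcerts && : > index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = any
[ any ]
commonName = supplied
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=unwanted-client-name" -keyout client.key -out client.csr 2>/dev/null
    openssl ca -batch -config ca.cnf -in client.csr -out client.crt 2>/dev/null
}

# (Re)issue the CRL from the CA database (index.txt).
gen_crl() { openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null; }

# Print the first numeric verify error for client.crt, or 0 if it verifies.
verify_code() {
    code=$(openssl verify -crl_check "$@" client.crt 2>&1 |
           sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1)
    echo "${code:-0}"
}

setup_demo_ca && gen_crl || exit 1
valid=$(verify_code -CAfile ca.crt -CRLfile crl.pem)     # CRL present, cert not listed
openssl ca -config ca.cnf -revoke client.crt 2>/dev/null && gen_crl
revoked=$(verify_code -CAfile ca.crt -CRLfile crl.pem)   # cert now listed in the CRL
no_crl=$(verify_code -CAfile ca.crt)                     # CRL check requested, no CRL given
echo "valid=$valid revoked=$revoked no_crl=$no_crl"      # valid=0 revoked=23 no_crl=3
```

Error 23 only appears when the verifier can load a CRL from the issuing CA that lists the certificate; with `-crl_check` and no CRL available, verification stops at error 3 regardless of whether the certificate was revoked in the CA database.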

Can't revoke client access from OpenVPN?

Freek, May 2012, in Help:

I'm trying to revoke a user's access to my OpenVPN server by running these two commands:

    . /etc/openvpn/easy-rsa/2.0/vars
    . /etc/openvpn/easy-rsa/2.0/revoke-full client1

But computer says no: http://pastebin.com/XEy9dMec

It seems to be looking for a directory which isn't there (/root/keys) but the question is; why is it looking there? Thanks!

Linux noob willing to learn.

Comments

beard, May 2012:

Looking at http://svn.openvpn.net/projects/openvpn/contrib/test/testbranch/easy-rsa/revoke-full

Ever thought of running the command from the same directory as your keys?

Freek, May 2012:

Hi Beard, Thanks for the reply. Yes, I did. I first did 'cd /etc/openvpn/easy-rsa/2.0/keys' and then the above sequence, same problem. revoke-full isn't in /keys..

Aldryic, May 2012:

    cd /etc/openvpn/easy-rsa/2.0/ && . /etc/openvpn/easy-rsa/2.0/revoke-full rick

Give that a try. It looks like the revoke script wants to be run one directory up from /keys, since it attempted to auto-cd into /root/keys/ when you ran it from /root/.

Freek, May 2012:

Thanks for the reply, @Aldryic. Sadly, it gives me the exact same error..

yomero, May 2012:

Reading the script, apparently it just executes a couple of openssl commands. Also, I think you need to go to the
