Revoking access to a user in OpenVPN?
I just set up an OpenVPN server following the official Debian Wiki instructions for OpenVPN.
I would like to know if there's a way to revoke access to a specific user. Let's say I issue user1.crt and user2.crt (along with their corresponding .key files, of course). If user2 loses his certificate and key, or they get stolen, user2 could potentially compromise the security of the OpenVPN LAN. Therefore, would it be possible to revoke the current certificate for user2 and then reissue a new one for him? This way, the attacker would only have the old version of the files, and the server would not allow the attacker to enter the server.
I would rather not use password-based encryption for these .key files, but just like with PGP keys, revoke them and render them 100% useless without having to revoke all OpenVPN keys for all clients and the server itself.
- Join Date
- Sep 2008
Look into the crl-verify server option.
- Join Date
- Mar 2003
Or you can invalidate or revoke the certificate; see http://forums.openvpn.net/topic9253.html and http://openvpn.net/index.php/open-source/documentation/howto.html
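
The mechanism behind the revocation answers above, as an added example that is not part of the original thread: a throwaway CA issues certificates for user1 and user2, revokes only user2, and both certificates are then checked against the resulting CRL. It assumes the `openssl` CLI is installed; the CA layout, file names and CNs are constructed for the demo and are not the wiki's setup.

```shell
# Constructed demo: temp-dir CA, certs for user1 and user2, revoke only user2,
# then check both certs against the CRL. Nothing touches a real PKI.
crl_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
        cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
EOF
        q() { openssl "$@" >/dev/null 2>&1; }
        q req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=demo-ca" -keyout ca.key -out ca.crt || exit 1
        for u in user1 user2; do
            q req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$u" \
                -keyout "$u.key" -out "$u.csr" || exit 1
            q ca -batch -config ca.cnf -in "$u.csr" -out "$u.crt" || exit 1
        done
        q ca -config ca.cnf -revoke user2.crt || exit 1   # mark user2 revoked
        q ca -config ca.cnf -gencrl -out crl.pem || exit 1 # publish the CRL
        # An OpenVPN server would load this file via: crl-verify crl.pem
        for u in user1 user2; do
            if q verify -CAfile ca.crt -CRLfile crl.pem -crl_check "$u.crt"
            then echo "$u accepted"; else echo "$u rejected"; fi
        done
    )
    rc=$?; rm -rf "$d"; return "$rc"
}
crl_demo
```

Only the revoked serial is listed in the CRL, so user1 and the CA itself are unaffected; user2 gets a fresh key and certificate from the same CA.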