Differences

This shows you the differences between two versions of the page.

--- content:en_us:7_ug_openvpn [2020/03/25 08:16]
84.9.57.48
+++ content:en_us:7_ug_openvpn [2020/03/25 09:03]
84.9.57.48
@@ Line 127: / Line 127: @@
 ===== Revoking Certificates =====
 Currently this is a manual process. Start by initialising the file /etc/pki/CA/crlnumber:<code>echo 1000 > /etc/pki/CA/crlnumber</code>
-Create a file in /etc/cron.monthly. I used /etc/cron.monthly/openssl_crl. In it put:<code>openssl ca -gencrl -crldays 45 -config /usr/clearos/apps/certificate_manager/deploy/openssl.cnf \
+Create a file in /etc/cron.monthly. I used /etc/cron.monthly/openssl_crl. In it put:<code>openssl ca -gencrl -crldays 45 -config /usr/clearos/apps/certificate_manager/deploy/openssl.cnf -out /etc/pki/CA/crl/crl.pem > /dev/null 2>&1</code>And make the file executable:<code>chmod 0744 /etc/cron.monthly/openssl_crl</code>Then execute the file:<code>/etc/cron.monthly/openssl_crl</code>You should now find you have a file /etc/pki/CA/crl/crl.pem.
-    -out /etc/pki/CA/crl/crl.pem \
-    -keyfile /etc/pki/CA/private/ca-key.pem \
-    -cert /etc/pki/CA/ca-cert.pem > /dev/null 2>&1</code>And make the file executable:<code>chmod 0744 /etc/cron.monthly/openssl_crl</code>Then execute the file:<code>/etc/cron.monthly/openssl_crl</code>You should now find you have a file /etc/pki/CA/crl/crl.pem.
 To revoke a certificate, find the file name in /etc/pki/CA. It should be in the form client-{username}-cert.pem and revoke it and regenerate the crl.pem with:<code>openssl ca -config /usr/clearos/apps/certificate_manager/deploy/openssl.cnf -revoke /etc/pki/CA/client-{username}-cert.pem

CLEAROS DOCUMENTATION

Differences

Sitemap

Foundation

Company

Partners

Purchase

Contact Us

CLEAROS DOCUMENTATION

Differences

Page Tools

Sitemap

Foundation

Company

Partners

Purchase

Contact Us