Certificate Revocation List in OpenVPN



  • Hi guys, is CRL missing in the OpenVPN config or should I look a little harder?



  • I don't see a CRL specifically, but you can go to the "Connection Specific Overrides" tab, put in the certificate's X509 Common Name, and tell the server it's disabled.

    I would love to see CRL support–or even checking/caching the CRL against what's listed in the Netscape Extensions section of the cert, but I'm not sure if it's in the plans--and I'm certainly not elite enough to code it.

    Hope that helps.

    -A


Log in to reply