• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to invalidate existing server certificates?

Scheduled Pinned Locked Moved OpenVPN
2 Posts 2 Posters 240 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    pyite
    last edited by Mar 11, 2024, 3:32 PM

    We have a set of OpenVPN servers on different ports.

    They are for short term use, and we would like to invalidate the client .ovpn files periodically. Is there any way to do this? Renew or reissue of the server cert or CA cert doesn't prevent the old .ovpn file from allowing connections.

    If we delete and re-create the servers, it seems to do what we want, but there must be an easier way.

    Thanks

    V 1 Reply Last reply Mar 11, 2024, 4:41 PM Reply Quote 0
    • V
      viragomann @pyite
      last edited by Mar 11, 2024, 4:41 PM

      @pyite
      You can revoke the client certificate to prevent using it to connect.

      To do so, you have to create revocation lists for the used CAs in System > Certificates > Revocation, as long as you didn't this already. Then assign it your VPN servers.

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received