Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to invalidate existing server certificates?

    OpenVPN
    2
    2
    200
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pyite
      last edited by

      We have a set of OpenVPN servers on different ports.

      They are for short term use, and we would like to invalidate the client .ovpn files periodically. Is there any way to do this? Renew or reissue of the server cert or CA cert doesn't prevent the old .ovpn file from allowing connections.

      If we delete and re-create the servers, it seems to do what we want, but there must be an easier way.

      Thanks

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @pyite
        last edited by

        @pyite
        You can revoke the client certificate to prevent using it to connect.

        To do so, you have to create revocation lists for the used CAs in System > Certificates > Revocation, as long as you didn't this already. Then assign it your VPN servers.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.