Making OpenVPN key creation easier until we get a GUI
-
Can anyone help? If not on the command line, can I do it in Windows using revoke-full.bat?
Thank you!
-
Updated - I had the syntax wrong, and didn't include my changes to vars. This should be complete now.
–-----------------
I've got this working now, using a revoke-full script and some changes to the vars file. Steps to revoke are: run 'source ./vars' first, then ./revoke-full username, then post the new keys/crl.pem file to the configuration through the GUI. Here is the script:
#!/bin/sh

# revoke a certificate, regenerate CRL,
# and verify revocation

CRL="crl.pem"
RT="revoke-test.pem"

if [ $# -ne 1 ]; then
    echo "usage: revoke-full <common-name>"
    exit 1
fi

if [ "$KEY_DIR" ]; then
    cd "$KEY_DIR"
    rm -f "$RT"

    # set defaults
    export KEY_CN=""
    export KEY_OU=""

    # revoke key and generate a new CRL
    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"

    # generate a new CRL -- try to be compatible with
    # intermediate PKIs
    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
    if [ -e export-ca.crt ]; then
        cat export-ca.crt "$CRL" >"$RT"
    else
        cat ca.crt "$CRL" >"$RT"
    fi
fi
And the changes to vars:
. .
# Changes to allow for revoke-full option
setenv KEY_OU "$KEY_ORG"
setenv KEY_CN "my.servername.com" #This should match the servername in your server cert
setenv PKCS11_MODULE_PATH "$PKCS11TOOL"
setenv PKCS11_PIN "dummy"
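
One way to confirm that a regenerated crl.pem actually rejects the revoked certificate before it is uploaded, as an added example that is not part of the original post. It uses the same CA-plus-CRL concatenation the script writes to revoke-test.pem; the throwaway CA, the function names and all file names other than crl.pem and ca.crt are constructed for the demo, and openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; every name and path is constructed.
# cert_is_revoked CA CRL CERT -> exit 0 only if openssl rejects CERT as revoked.
cert_is_revoked() {
    rt=$(mktemp /tmp/rt.XXXXXX) || return 2
    cat "$1" "$2" > "$rt"        # same layout as revoke-test.pem
    out=$(openssl verify -CAfile "$rt" -crl_check "$3" 2>&1) || true
    rm -f "$rt"
    printf '%s\n' "$out" | grep -q "certificate revoked"
}

# make_demo_pki DIR: CA, one client cert, and a CRL from before and after revoking it.
make_demo_pki() (
    cd "$1" || exit 2
    mkdir newcerts && : > index.txt && echo 01 > serial || exit 2
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
EOF
    run() { openssl "$@" >/dev/null 2>&1 || exit 2; }
    run req -x509 -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=Demo CA" -keyout ca.key -out ca.crt
    run req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=username" -keyout username.key -out username.csr
    run ca -batch -config ca.cnf -in username.csr -out username.crt
    run ca -config ca.cnf -gencrl -out crl-before.pem   # CRL before revocation
    run ca -config ca.cnf -revoke username.crt
    run ca -config ca.cnf -gencrl -out crl.pem          # CRL after revocation
)
# Demo run: build the PKI, then check the revoked certificate against the new CRL.
d=$(mktemp -d /tmp/pki.XXXXXX) && make_demo_pki "$d" &&
    cert_is_revoked "$d/ca.crt" "$d/crl.pem" "$d/username.crt" && echo "username: revoked"
rm -rf "$d"
```

Against a real easy-rsa keys directory, the equivalent call is cert_is_revoked ca.crt crl.pem username.crt, run after revoke-full and before posting crl.pem.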