Hi Eric,

Just to confirm, the script works fine without modification, the Server config needs "crl-verify keys/crl.pem" adding to be able to use the CRL generated by "full-revoke <client>". On testing, the leaf box shows that a revoked certificate has been tried in daemon.log. Sadly the Windows Openvpn GUI does not show a revocation, just a TLS failure (maybe this is good security?).

Would it be worth adding the script to the LRP?

Regards,
Bob

> Hi Bob,
>
> Correct, but you can just copy the script from the openvpn source to the
> Bering-uClibc system and make it executable.
>
> Regards,
> Eric
>
>> Hi Eric,
>>
>> Thanks for answering, but the revoke script is neither in the openvpnz
>> nor the openssl lrp package. I have both installed on my LEAF box.
>>
>> Regards,
>> Bob
>>
>> Eric Spakman wrote:
>>
>>> Hi Bob,
>>>
>>> The revoke-full script is a very simple shell script which only uses
>>> openssl (you need the openssl.lrp package, probably the reason why the
>>> script isn't added by default), so I don't see any reason why it
>>> shouldn't work. I think you just can use it "as is" on Bering-uClibc.
>>>
>>> Regards,
>>> Eric
>>>
>>>> Dear LEAF list,
>>>>
>>>> I am using Bering uClibc 2.3 with OpenVPN. Everything works really
>>>> well - thanks!
>>>> I am trying to revoke a certificate (only to test the CRL mechanism).
>>>> On the OpenVPN Howto a script is used "revoke-full" that is part of
>>>> the easyRSA software. This does not seem to exist in the openvpn-lrp.
>>>> Can I use the same script as in the 'non-LEAF' openvpn package or do
>>>> I need to make some adjustments?
>>>> p.s. I don't find any information as to revocation/CRLs in the LEAF
>>>> docs, I would be happy to write something once I get it working.
>>>>
>>>> Regards,
>>>>
>>>> Bob von Knobloch.
>>>>
>>>> ------------------------------------------------------------------------
>>>> leaf-user mailing list: [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>> Support Request -- http://leaf-project.org/
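
The check discussed in this thread, as an added example that is not part of the original messages and is not the easy-rsa script itself: it builds a throwaway CA in a temporary directory, issues and revokes one client certificate, and confirms with `openssl verify -crl_check` that the generated `keys/crl.pem` really rejects it before the server is pointed at that file with `crl-verify`. The CA name, the client name `client1` and the config file `ca.cnf` are constructed for the demonstration.

```shell
# Added example: throwaway CA in a temp dir; every name below is constructed.
crl_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && mkdir keys && : > keys/index.txt && echo 01 > keys/serial || exit 1
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
dir = keys
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
        q() { openssl "$@" >/dev/null 2>&1 || exit 1; }   # quiet; abort on failure
        # Self-signed CA, then one client certificate signed by it
        q req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
            -subj "/CN=Demo CA" -days 30 -keyout keys/ca.key -out keys/ca.crt
        q req -new -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=client1" \
            -keyout keys/client1.key -out keys/client1.csr
        q ca -batch -config ca.cnf -in keys/client1.csr -out keys/client1.crt
        # Before revocation the certificate verifies against the CA
        openssl verify -CAfile keys/ca.crt keys/client1.crt >/dev/null 2>&1 \
            && before=ok || before=fail
        # Mark it revoked in the CA database and regenerate keys/crl.pem
        q ca -config ca.cnf -revoke keys/client1.crt
        q ca -config ca.cnf -gencrl -out keys/crl.pem
        # With the CRL consulted, the same certificate must now be rejected
        out=$(openssl verify -CAfile keys/ca.crt -CRLfile keys/crl.pem \
            -crl_check keys/client1.crt 2>&1) || true
        case $out in *"certificate revoked"*) after=revoked ;; *) after=accepted ;; esac
        echo "before=$before after=$after"
    )
    rc=$?; rm -rf "$d"; return $rc
}
crl_demo
```

Running `openssl crl -in keys/crl.pem -noout -text` on the real CRL lists the revoked serial numbers and the Next Update time; a CRL past that time needs regenerating.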
