On 09/04/14 12:34, Eike Lohmann wrote:
> On 09.04.2014 10:45, Gert Doering wrote:
>> This is not trivial to set up, and might not be worth it for every client
>> out there - but if you're truly concerned about your data, upgrade the
>> client, revoke the old key+certificate, reissue new keys.
> How do revocation lists work with openvpn?

- revoke a certificate and generate a CRL using easy-rsa's 'revoke-full'
  (or your preferred solution for PKI)
- add
    crl-verify <full path to crl.pem file>
  to your server config
- restart openvpn

You can also use a directory containing .r0 files if you have multiple
CAs + CRLs that you need to support.

HTH,
JJK
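
The steps from the reply above as shell helpers, an added example that is not part of the original message. The function names and any paths passed to them are assumptions; `crl_lists_serial` needs the `openssl` command line tool.

```shell
#!/bin/sh
# Added example: helpers for the revoke / crl-verify steps described above.
# Function names and all paths passed in are assumptions, not from the post.

# Return 0 if the PEM CRL lists the given certificate serial (hex, e.g. 0A).
# Run this after 'revoke-full' to confirm the revocation made it into crl.pem.
crl_lists_serial() {
    crl=$1
    serial=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    openssl crl -in "$crl" -noout -text 2>/dev/null |
        grep -qE "Serial Number: ${serial}[[:space:]]*\$"
}

# Make sure the server config holds exactly one
#   crl-verify <full path to crl.pem file>
# line, replacing any older crl-verify directive.
ensure_crl_verify() {
    conf=$1
    crl=$2
    case $crl in
        /*) ;;
        *) echo "CRL path must be absolute: $crl" >&2; return 2 ;;
    esac
    [ -r "$crl" ]  || { echo "CRL not readable: $crl" >&2; return 3; }
    [ -w "$conf" ] || { echo "config not writable: $conf" >&2; return 4; }
    tmp=$(mktemp) || return 5
    # Keep every line except an existing crl-verify directive
    # (grep -v exits 1 when nothing is left, which is not an error here).
    grep -v '^[[:space:]]*crl-verify[[:space:]]' "$conf" > "$tmp" || true
    printf 'crl-verify %s\n' "$crl" >> "$tmp"
    # Write back in place so the config keeps its owner and permissions.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

After `ensure_crl_verify` succeeds, restart openvpn as in the last step of the list.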