Hi,

> <quote>
> If the optional dir flag is specified, enable a different mode where
> crl is a directory containing files named as revoked serial numbers
> (the files may be empty, the contents are never read). If a client
> requests a connection, where the client certificate serial number
> (decimal string) is the name of a file present in the directory, it
> will be rejected.
> </quote>
>
> Ok, here we go:
>
> # grep crl-verify /etc/openvpn/server.conf
> crl-verify /etc/openvpn/crl dir
>
> I'd like to block cert with serial number 0B:
>
> # openssl x509 -noout -serial -in test.crt | \
>   sed 's/.*=//g;s/../&:/g;s/:$//'
> 0B
>
> AFAIU the manpage I only have to touch the file:
>
> # touch /etc/openvpn/crl/0B

IIRC, you have to use the decimal representation of the serial.

Selva
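
An added example, not part of the original thread: a POSIX sh helper that turns the hex serial printed by `openssl x509 -serial` into the decimal string that `crl-verify <dir> dir` expects as the file name. The function names `serial_to_dec` and `revoke_serial` are hypothetical; the conversion works on a decimal string so serials of up to 20 bytes do not overflow shell arithmetic.

```shell
#!/bin/sh
# Added example; serial_to_dec and revoke_serial are hypothetical names.

# serial_to_dec HEX: print the decimal form of a hex certificate serial.
# Accepts "0B", "serial=0B" (openssl x509 -serial output) or "0A:1B" forms.
serial_to_dec() {
    hex=$(printf '%s' "${1#*=}" | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$hex" ] || return 1
    dec=0
    while [ -n "$hex" ]; do
        d=${hex%"${hex#?}"}; hex=${hex#?}      # take the leading hex digit
        case $d in
            [0-9]) v=$d ;;
            A) v=10 ;; B) v=11 ;; C) v=12 ;; D) v=13 ;; E) v=14 ;; F) v=15 ;;
            *) return 1 ;;                     # not a hex serial
        esac
        rest=$dec; out=; carry=$v
        while [ -n "$rest" ]; do               # dec = dec * 16 + v, digit by digit
            last=${rest#"${rest%?}"}; rest=${rest%?}
            t=$(( last * 16 + carry ))
            out=$(( t % 10 ))$out
            carry=$(( t / 10 ))
        done
        while [ "$carry" -gt 0 ]; do           # flush the remaining carry
            out=$(( carry % 10 ))$out
            carry=$(( carry / 10 ))
        done
        dec=$out
    done
    printf '%s\n' "$dec"
}

# revoke_serial DIR HEX: create the empty marker file for dir mode,
# named by the decimal serial (the file contents are never read).
revoke_serial() {
    name=$(serial_to_dec "$2") || return 1
    touch "$1/$name"
}
```

For the certificate in the thread, `revoke_serial /etc/openvpn/crl 0B` creates `/etc/openvpn/crl/11`.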


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
