On 25.08.23 21:41, Jason Long via Openvpn-users wrote: > Hello,With the help of the following command, you can revoke a certificate: > # ./revoke-full "Client_Name" > Now if you change your mind, is it possible to use that certificate again? > Is there a command to validate a revoked certificate?
>Semantically, no, there is no such thing as "unrevoking" a certificate. >Technically, you can get a cert back out of a CRL or other listing, and >hope that the world will forget it was ever listed there, or never >noticed that in the first place, but it'd probably be less work to just >have the CA issue a *new* cert instead. >*Revoked* certs do *not* count against the guideline of "there shouldn't >be two certs by the same CA for the same DN with overlapping validity >periods". >Kind regards, >-- >Jochen Bern >Systemingenieur >Binect GmbH Hi Jochen, Thank you so much for your reply. I have two questions: 1- How do you give keys to a large number of clients? Suppose there are 1000 employees in a company, do all employees have to go to the IT department of that company to get the client keys? 2- Is it possible to send a new key to clients automatically when client key is revoked? _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
