Hi, On 09/01/2024 08:18, Peter Davis via Openvpn-users wrote:
Hi, So if I want to revoke the keys in the future and prevent clients from connecting to the server, then I need the Easy-RSA directory that I used to generate the keys at that time. is it true?
Correct. More specifically, you need the CA key in order to sign your CRL (Certificate Revocation List).
The CA is the *trusted* entity that is in charge of signing "documents" that others need to accept. IF you delete it, you have no way of creating new "documents".
Cheers, -- Antonio Quartulli _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
