Hi,

On Sun, Feb 04, 2024 at 10:31:20AM +0000, Peter Davis via Openvpn-users wrote:
> I want to revoke a user's key and I have a few questions:
> 1- If I revoke a key and create a new key with the same name as before, can
> the previous user connect to the server?

I don't know about "users". The person using the revoked key can no longer use that key as it is revoked. X.509 certs do not care about "what name is attached to this cert?", all they care about "is this from a trusted CA, and is it not on the revocation list (CRL)"?

> 2- If I use the ./revoke-full "Client_Name" command to revoke a key, do I
> need to add a line to the server configuration file? For example, something
> like "crl-verify crl.pem".

Yes. The CRL is needed to tell the server "these certificates have been revoked".

Note that the CRL has a lifetime, so when the CRL is not refreshed every now and then, it will expire, and all(!) access is disallowed - see the easyrsa documentation on CRL lifetime and CRL refreshing.

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
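The CRL expiry failure mode described in the reply above can be monitored from cron. The script below is an added example, not part of the original message and not code from OpenVPN or easy-rsa. It assumes GNU `date` and `openssl` on the PATH; the function name `crl_status`, the 7-day default threshold and the sample `nextUpdate` value are constructed for illustration.

```shell
#!/bin/sh
# Added example: warn before the CRL that the server loads via "crl-verify"
# expires. An expired CRL makes the server refuse every client, not only the
# revoked ones, so the check reports well ahead of the nextUpdate time.
#
# Usage (paths are placeholders): ./check-crl.sh /path/to/crl.pem [warn_days]
# Exit status: 0 = OK, 1 = expiring soon, 2 = expired, 3 = cannot read/parse.

# crl_status LINE NOW_EPOCH WARN_DAYS
#   LINE      as printed by `openssl crl -noout -nextupdate`,
#             e.g. "nextUpdate=Aug  2 10:31:20 2024 GMT" (constructed sample)
#   NOW_EPOCH current time in seconds since the epoch
#   WARN_DAYS report WARN when fewer than this many whole days remain
crl_status() {
    next=${1#nextUpdate=}
    # GNU date parses the openssl timestamp format directly (assumption: GNU date).
    next_epoch=$(date -u -d "$next" +%s 2>/dev/null) || {
        echo "UNPARSEABLE"
        return 3
    }
    left=$(( next_epoch - $2 ))
    # Compare in seconds so a CRL that expired an hour ago is not rounded to "0 days".
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"
        return 2
    fi
    days=$(( left / 86400 ))
    if [ "$days" -lt "$3" ]; then
        # Time to regenerate the CRL (on easy-rsa 3: `easyrsa gen-crl`) and
        # copy the new file to the path named in the server's crl-verify line.
        echo "WARN $days"
        return 1
    fi
    echo "OK $days"
}

# Only touch a real CRL when a path is given on the command line.
if [ -n "${1:-}" ]; then
    line=$(openssl crl -in "$1" -noout -nextupdate) || exit 3
    crl_status "$line" "$(date +%s)" "${2:-7}"
fi
```

Run it daily and alert on any non-zero exit status, so the CRL is regenerated before the server starts rejecting all clients.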