Hi Arthur,

Yes, the x509 <https://github.com/openwisp/django-x509> module of OpenWISP
2 has a revocation feature (Admin › Public Key Infrastructure ›
Certificates > select certificate to revoke > choose "Revoke selected
certificates") - BUT, in order to be enforced, the CRL (Certificate
Revocation List), must be installed, periodically updated and enforced, so
in case of OpenVPN it means the OpenVPN server configuration must have the
CRL option set in order to read from the filesystem and there should
something like a cronjob which every X hours downloads the CRL and puts it
where OpenVPN reads it.

How to find the link to download the CRL?
Each Certification Authority has a CRL, so the link can be found by going
into the certification authority edit page and then click on the "Download
CRL" button in the upper right corner as shown in the following screenshot.

[image: Screenshot from 2018-04-09 11-42-44.png]
×
I hope this helps.

Thanks for asking this question here and not on chat BTW. Since this is not
documented yet, the archived discussion will be indexed on search engine
and will surely help out more people in the near future, at least once
we'll be able to attract more technical writers contributors who'll help me
documenting all the basic openwisp2 features.

Federico


On Mon, Apr 9, 2018 at 3:14 AM BlancLoup <arthur.s...@gmail.com> wrote:

> Hello.
> Is there any certification revocation mechanism at OpenWisp Controller?
> For example, if OpenVPN server certificate was compromised. How to
> distribute newly created certificates for all clients simultaneously?
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenWISP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to openwisp+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to openwisp+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to