From owner-freebsd-questions@FreeBSD.ORG Sun May 10 08:35:12 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A25FC1065680 for ; Sun, 10 May 2009 08:35:12 +0000 (UTC) (envelope-from itavy@itavy.com) Received: from gateway01.websitewelcome.com (gateway01.websitewelcome.com [69.93.106.19]) by mx1.freebsd.org (Postfix) with SMTP id 4B2CE8FC14 for ; Sun, 10 May 2009 08:35:12 +0000 (UTC) (envelope-from itavy@itavy.com) Received: (qmail 22809 invoked from network); 10 May 2009 08:10:39 -0000 Received: from gator482.hostgator.com (67.18.18.122) by gateway01.websitewelcome.com with SMTP; 10 May 2009 08:10:39 -0000 Received: from [78.97.148.67] (port=1075 helo=[10.22.22.22]) by gator482.hostgator.com with esmtpa (Exim 4.69) (envelope-from ) id 1M345H-0001c7-61; Sun, 10 May 2009 03:08:31 -0500 Message-ID: <4A068B4E.9050605@itavy.com> Date: Sun, 10 May 2009 11:07:42 +0300 From: Octavian Ionescu User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: Darryl Hoar References: <000001c9d0a0$8ecfd620$ac6f8260$@com> In-Reply-To: <000001c9d0a0$8ecfd620$ac6f8260$@com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator482.hostgator.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - itavy.com Cc: freebsd-questions@freebsd.org Subject: Re: Openvpn question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 May 2009 08:35:13 -0000 Darryl Hoar wrote: > Installed Openvpn on my freebsd server. Had to revoke a certificate > already. The Openvpn howto guide says to add crl-verify crl.pem to the > server config script. Is that the openvpn server config script or the > openssl config script (I self generate certificates) ? > > Been googling and searching but can't find a definitive answer. > > Thanks and I know this is not strictly a Freebsd question. > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" read this, http://openvpn.net/index.php/documentation/howto.html#revoke you have to revoke the certificate(s) using the scripts and adding "crl-verify crl.pem" to the server configuration file. first time when you add that line you have to restart the openvpn daemon, afterthat it will check every time the crl.pem to see if the certificate is revoked or not. -- Best regards, Octavian