OPNsense Forum

English Forums => Virtual private networks => Topic started by: bdario on November 02, 2023, 01:34:48 pm

Title: revoked cert still works
Post by: bdario on November 02, 2023, 01:34:48 pm
Hello folks,
I'm stuck on certificate revocation.

I always used username and cert to create VPN clients:
1) create user / password
2) create user-cert
3) bind user and user-cert
4) OpenVPN client export

I revoked a cert:
1) create CA Revocation List
2) revoke the cert

but the user still connects using VPN

This is embarrassing.
Can someone please help me to solve this issue?

Greetings
Dario
Title: Re: revoked cert still works
Post by: Patrick M. Hausen on November 02, 2023, 01:39:50 pm
Did you configure the CRL in the OpenVPN server/instance settings?
Title: Re: revoked cert still works
Post by: bdario on November 02, 2023, 02:19:01 pm
Hi Patrick,
I only created the CRL under:
System / Trust / Revocation
(and I revoked the cert, the cert associated with the user is marked as "Revoke")

I took a look under OpenVPN Server but I didn't find the way to configure the CRL

Can you please show me the way / give me instructions?

Thanks a lot
Dario
Title: Re: revoked cert still works
Post by: Patrick M. Hausen on November 02, 2023, 02:36:57 pm
See screen shot, please.
Title: Re: revoked cert still works
Post by: bdario on November 02, 2023, 04:57:46 pm
Great job Patrick, now it works fine
have a nice day
thanks a lot
Dario