Un-revoke certificate in OpenVPN

KBFlow - Makes Knowledge Flow

First of all, “un-revoking” is not an official term, and in PKI practice a certificate should never be un-revoked.

However, there are cases where things go wrong and you do not want to complicate matters by creating new certs. In those cases you may consider this method.

  1. cd <whatever directory your openvpn configs are in, e.g. /etc/openvpn>/easy-rsa/keys
  2. Back up the files crl.pem and index.txt.
  3. There should be an index.txt with certificate IDs in it. The entries starting with “V” are valid, and the ones starting with “R” are revoked. Edit that file: change the first character to “V” and delete the third column (the revocation date). If you have more than one certificate, you should see the pattern (the sequential number now comes in the third column, etc.).
  4. Delete crl.pem
  5. cd ..
  6. . ./vars
  7. openssl ca -gencrl -out "crl.pem" -config "$KEY_CONFIG"
  8. You should find a new crl.pem generated in the current directory…
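
The hand edit in step 3 can be scripted so that only one serial is touched and the tab layout of index.txt survives. This is an added example, not part of the original post: the function names and the sample entries are constructed for illustration, and it assumes the usual OpenSSL index.txt layout of six tab-separated fields in which a valid entry leaves the revocation-date field empty.

```shell
#!/bin/sh
# index.txt fields (TAB-separated):
#   status  expiry  revocation-date  serial  filename  subject
# A valid ("V") entry keeps the third field EMPTY, i.e. two consecutive tabs.

# make_sample_index FILE: writes a constructed three-entry index for testing.
make_sample_index() {
    printf 'V\t300101000000Z\t\t01\tunknown\t/CN=server\n'              >  "$1"
    printf 'R\t300101000000Z\t240301120000Z\t02\tunknown\t/CN=alice\n' >> "$1"
    printf 'R\t300101000000Z\t240302120000Z\t03\tunknown\t/CN=bob\n'   >> "$1"
}

# revoked_serials FILE: prints the serial of every entry still marked "R".
revoked_serials() {
    awk -F'\t' '$1 == "R" { print $4 }' "$1"
}

# unrevoke_serial FILE SERIAL: flips exactly one revoked entry back to valid.
# Returns 2 and leaves FILE untouched if SERIAL is not present as revoked.
unrevoke_serial() {
    index=$1
    serial=$2
    awk -F'\t' -v OFS='\t' -v s="$serial" '
        $1 == "R" && toupper($4) == toupper(s) {
            $1 = "V"      # status: revoked -> valid
            $3 = ""       # clear the revocation date, keep the field itself
            hit = 1
        }
        { print }
        END { exit hit ? 0 : 2 }
    ' "$index" > "$index.tmp" || { err=$?; rm -f "$index.tmp"; return "$err"; }
    # Back up the original (step 2) only when a change is actually applied.
    cp -p "$index" "$index.bak" && mv "$index.tmp" "$index"
}
```

After running it, continue with steps 4 to 7 to regenerate crl.pem; `openssl crl -in crl.pem -noout -text` then lists the serials that remain revoked.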
