From 513baee13d96cd200a6ed15a538774b768c2eac9 Mon Sep 17 00:00:00 2001 From: james Date: Sat, 7 Jan 2006 03:21:49 +0000 Subject: Small fixes: * Fixed variable declaration in crypto.c that is not at the head of a block. * Added library to Visual C makefile. * In server.conf config sample, add additional comment text on "dev tap" usage. * Added some short documentation on revoke-full script. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@877 e7ae566f-a301-0410-adde-c780ea21d3b5 --- easy-rsa/2.0/README | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'easy-rsa') diff --git a/easy-rsa/2.0/README b/easy-rsa/2.0/README index 02800c2..92c550c 100644 --- a/easy-rsa/2.0/README +++ b/easy-rsa/2.0/README @@ -47,6 +47,20 @@ Release Notes for easy-rsa-2.0 * This release only affects the Linux/Unix version of easy-rsa. The Windows version (written to use the Windows shell) is unchanged. +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + INSTALL easy-rsa 1. Edit vars. -- cgit