On July 16, 2008 09:32:41 am albertlb wrote: > Hello > > I am using a debian pc with openssl and openvpn. The problem is I have > revoked a user certificate but the user still has access to the vpn. In the > crl.pem file appears the reference to this user. What could It happen? > > Thank you http://www.nabble.com/file/p18487517/openssl.cnf openssl.cnf
If I am not mistaken, OpenVPN does not automatically fetch the new CRL, and must be told specifically to do CRL verification. So, if your CA is not on the OpenVPN machine (which would be a VERY good thing :), you have to make sure that the CRL gets replicated from the CA out to the machine, and put in the location specified by the crl-verify option. As a note: This is an OpenVPN configuration question, not an OpenSSL question - you probably will get better support asking on the OpenVPN mailing list. Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
