The revoke-full script will generate a CRL (certificate revocation list) file called crl.pem in the keys subdirectory. The file should be copied to a directory where the OpenVPN server can access it, then CRL verification should be enabled in the server configuration:

(This operation doesn't really need them but does access them; see Why does OpenSSL need the private key to revoke a certificate?) Anytime after the 'database' is updated, use openssl ca -gencrl [options] to actually generate a CRL from the current (updated) contents. The CRL period (in days, hours, or seconds) must be specified on the command

Revoke-Certificate - PKI Extensions

-Reason. Specifies a reason why the certificate was revoked. This parameter accepts one of the following values:

Unspecified - (default) is used if the certificate is revoked for a reason outside the scope of supported reasons.
KeyCompromise - is used if the certificate private key was stolen or became known to an unauthorized entity.
CACompromise - is used if the CA certificate private

OpenSSL - Wikipedia

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements

Mind Reference: How to Renew Certificate with OpenSSL

Online Certificate Status Protocol — OpenSSL Certificate

OpenSSL - OpenSSL "ca -revoke" - Revoke a Certificate

OpenSSL "ca" - Sign the CSR Again

How to sign a CSR again with the OpenSSL "ca" command? It was signed for 1 year the first time. But the requester wants the certificate to be valid for 3 years. If you sign a CSR incorrectly and want to sign it again with the OpenSSL "ca" command, you need to revoke the certificate, then sign it again c

How to revoke a Let's Encrypt certificate, and why you

Revoking certificates - Let's Encrypt - Free SSL/TLS

OpenSSL with Bash » Linux Magazine OpenSSL makes use of standard input and standard output, and it supports a wide range of parameters, such as command-line switches, environment variables, named pipes, file descriptors, and files. You can take advantage of these features to quickly write Bash (Bourne-Again Shell) scripts that automate tasks, such as testing SSL/TLS (Secure Socket Layer/Transport Layer Security) connections