OpenVPN Certs not getting revoked
Hi, while revoking OpenVPN client certs from the server I am getting the following output:
./revoke-full client-xxxxxxx
Using configuration from /etc/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf
ERROR:Already revoked, serial number 2D
Using configuration from /etc/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf
client-xxxxxxxxx.crt: /C=IN/ST=xxxxxxxx/O=xxxxxx xxxxxxxxx/OU=xxxxx/CN=VPN-xxxxxx/emailAddress=xxxxxxxxxxxxxxxx@xxxxxxxx.com
error 3 at 0 depth lookup:unable to get certificate CRL
I can see it shows that the certs are already revoked, as it lists R in front of the user's cert entry in the index.txt file, and my main concern is the error listed: "error 3 at 0 depth lookup:unable to get certificate CRL".
However, the crl.pem file is at the same location as mentioned in the "/etc/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf" configuration file, and its timestamp changes as soon as I try to revoke any certs.
The hazardous effect of this error is that although it shows that the certs are revoked, the certs are still working and the client can connect using the same certs.
Got to resolve this ASAP; any help and suggestions will be appreciated.
Thanks.
Last edited by pkhera_2001; 04-14-2010 at 01:44 AM.
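An added example, not part of the original post: a consistency check between the R entries in index.txt and the serials actually listed in the CRL, which is the first thing to confirm when a certificate is marked revoked but still accepted. The index.txt lines and the `openssl crl -noout -text` output below are constructed samples, and all function names are hypothetical.

```python
import re

# Constructed sample of an easy-rsa index.txt (tab-separated OpenSSL CA database):
# status, expiry, revocation date (empty unless R), serial (hex), file, subject.
SAMPLE_INDEX = (
    "V\t200410101500Z\t\t2C\tunknown\t/C=IN/CN=VPN-example-a\n"
    "R\t200410101500Z\t100413101500Z\t2D\tunknown\t/C=IN/CN=VPN-example-b\n"
    "R\t200410101500Z\t100414081500Z\t2E\tunknown\t/C=IN/CN=VPN-example-c\n"
)

# Constructed sample of `openssl crl -in crl.pem -noout -text` output.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Last Update: Apr 14 08:15:00 2010 GMT
        Next Update: May 14 08:15:00 2010 GMT
Revoked Certificates:
    Serial Number: 2D
        Revocation Date: Apr 13 10:15:00 2010 GMT
"""

def revoked_in_index(index_text):
    """Return {serial_int: subject} for entries flagged R in index.txt."""
    revoked = {}
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 6 and fields[0] == "R":
            revoked[int(fields[3], 16)] = fields[5]
    return revoked

def serials_in_crl(crl_text):
    """Return the set of serials listed in the CRL text dump."""
    found = re.findall(r"Serial Number:\s*([0-9A-Fa-f]+)", crl_text)
    return {int(serial, 16) for serial in found}

def missing_from_crl(index_text, crl_text):
    """Serials revoked in index.txt but absent from the CRL, as hex strings."""
    listed = serials_in_crl(crl_text)
    revoked = revoked_in_index(index_text)
    return sorted(f"{s:02X}" for s in revoked if s not in listed)

if __name__ == "__main__":
    revoked = sorted(f"{s:02X}" for s in revoked_in_index(SAMPLE_INDEX))
    print("revoked in index.txt:", revoked)
    print("missing from CRL:", missing_from_crl(SAMPLE_INDEX, SAMPLE_CRL_TEXT))
```

Against a real setup, feed it the contents of index.txt and the text dump of the crl.pem that the running server actually reads, which may be a different copy from the one easy-rsa regenerates.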