The use of CRLs
This recipe shows how to configure OpenVPN to use a CRL. It uses the CRL created in the previous recipe. This recipe is an extension of the recipe Routing: masquerading in Chapter 2, Client-server IP-only Networks, in the sense that the server and client configuration files are almost identical.
Getting ready
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. Generate the CRL using the previous recipe. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.10. The client was running Fedora 22 Linux and OpenVPN 2.3.10. Keep the server configuration file basic-udp-server.conf from the Server-side routing recipe in Chapter 2, Client-server IP-only Networks.
How to do it...
Copy the generated CRL to a more public directory:
[root@server]# cd /etc/openvpn/cookbook
[root@server]# cp keys/crl.pem .
Modify the server config file basic-udp-server.conf by adding the lines: crl-verify /etc/openvpn...
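As an added check that is not part of the cookbook recipe, the following POSIX shell function validates the crl-verify directive of a server config and, when the openssl CLI plus a CA and client certificate (assumed paths) are available, performs the same chain-plus-CRL check that OpenVPN's OpenSSL back end applies to a connecting client:

```shell
#!/bin/sh
# Added check script (not from the OpenVPN Cookbook): validates the crl-verify
# setup of a server config and, optionally, emulates the CRL check OpenVPN's
# OpenSSL back end performs on a client certificate.
# Return codes: 0 ok, 1 no crl-verify directive, 2 CRL file missing/unreadable,
# 3 CRL not parseable, 4 client certificate rejected (revoked or CRL problem).
check_crl_config() {
    conf="$1"; ca="$2"; client="$3"
    # Path argument of the last uncommented crl-verify line.
    crl=$(grep -E '^[[:space:]]*crl-verify[[:space:]]+' "$conf" 2>/dev/null |
          tail -n 1 | awk '{print $2}')
    if [ -z "$crl" ]; then
        echo "no crl-verify directive in $conf" >&2
        return 1
    fi
    # Assumption: a relative path is taken relative to the config's directory.
    case "$crl" in
        /*) ;;
        *)  crl="$(dirname "$conf")/$crl" ;;
    esac
    if [ ! -r "$crl" ]; then
        echo "CRL $crl is missing or unreadable by this user" >&2
        return 2
    fi
    # The rest needs the openssl CLI; without it only the config checks run.
    command -v openssl >/dev/null 2>&1 || return 0
    if ! openssl crl -in "$crl" -noout >/dev/null 2>&1; then
        echo "$crl is not a PEM-encoded CRL" >&2
        return 3
    fi
    # Show the validity window: once nextUpdate has passed, OpenSSL fails
    # verification for every client, not only the revoked ones.
    openssl crl -in "$crl" -noout -lastupdate -nextupdate
    echo "revoked serials: $(openssl crl -in "$crl" -noout -text | grep -c 'Serial Number:')"
    if [ -n "$ca" ] && [ -n "$client" ]; then
        # Same decision OpenVPN makes with crl-verify: chain + CRL check of the leaf.
        if ! openssl verify -crl_check -CAfile "$ca" -CRLfile "$crl" "$client"; then
            echo "client certificate would be rejected" >&2
            return 4
        fi
    fi
    return 0
}
```

Run it as `check_crl_config /etc/openvpn/cookbook/basic-udp-server.conf keys/ca.crt keys/client1.crt` (paths assumed) from the server's working directory after copying the CRL, and again whenever the CRL is regenerated.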