
This is an old revision of the document!


PFSense - Certificates - Revoke Certificate

  • Create a new revocation list from System → Cert Manager → Certificate Revocation.
  • Add the certificates that you no longer want to be active.
  • Assign the new revocation list to the VPN server; in my case this is under VPN → OpenVPN → Servers.

You can easily choose your revocation list from the Peer Certificate Revocation list.

NOTE: There is no need to restart or refresh; the change is immediate.


Create new Revocation List

Navigate to System → Cert Manager.

Select Certificate Revocation.

  • Click Add or Import CRL.


In Create new Revocation List:

  • Method: Create an Internal Certificate Revocation List.
  • Descriptive name: ShareWiz OpenVPN - Revocation List.
  • Certificate Authority: ShareWiz OpenVPN - CA. Select a CA that has already been created.

In Internal Certificate Revocation List:

  • Lifetime (Days): 3650.
  • Serial: 0 (default).

  • Click Save.

The Revocation List is shown as created.


Add a user certificate to the Revocation List

Navigate to System → Cert Manager → Certificate Revocation.

  • Click the Pencil Icon to Edit CRL.

shows:


This returns to the main Certificate Revocation page, which now shows one certificate on the Revocation List.


Check the user certificate is revoked

Navigate to System → Cert Manager → Certificate Revocation.

  • Click the Pencil Icon to Edit CRL.

shows:

NOTE: This shows that the user certificate is revoked.
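
The same check can be made outside the GUI with openssl. This is an added example, not part of the original page: it assumes the CA certificate, the CRL and the user certificate are available as PEM files, and the function names and the alice/bob sample data are made up for illustration.

```shell
# Added example (not from the original page).
# check_revoked CA CRL CERT -> 0 = revoked, 1 = not revoked, 2 = CRL/CA problem
check_revoked() {
    ca=$1; crl=$2; cert=$3
    # The CRL must be signed by the CA chosen when the list was created.
    openssl crl -in "$crl" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK' ||
        { echo "CRL not signed by this CA"; return 2; }
    # Validate the certificate with CRL checking switched on.
    out=$(openssl verify -crl_check -CAfile "$ca" -CRLfile "$crl" "$cert" 2>&1) || true
    case $out in
        *"certificate revoked"*) echo "REVOKED"; return 0 ;;
        *": OK"*)                echo "NOT REVOKED"; return 1 ;;
        *)                       echo "ERROR: $out"; return 2 ;;
    esac
}

# Constructed sample data: throwaway CA, users alice and bob, CRL revoking alice.
make_demo_pki() {
    d=$1; mkdir -p "$d"; : > "$d/index.txt"; echo 01 > "$d/crlnumber"
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3ca
[dn]
commonName = Common Name
[v3ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = $d/index.txt
crlnumber = $d/crlnumber
default_md = sha256
default_crl_days = 30
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 30 2>/dev/null
    for u in alice bob; do
        openssl req -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$u" \
            -keyout "$d/$u.key" -out "$d/$u.csr" 2>/dev/null
        openssl x509 -req -in "$d/$u.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -out "$d/$u.pem" -days 30 2>/dev/null
    done
    openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.pem" \
        -revoke "$d/alice.pem" 2>/dev/null
    openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.pem" \
        -gencrl -out "$d/crl.pem" 2>/dev/null
}
```

Against real files, call check_revoked with the CA, CRL and user certificate paths in that order. A return value of 2 means the CRL could not be verified against that CA or could not be used for the check.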


pfsense/certificates/revoke_certificate.1613671004.txt.gz · Last modified: 2021/02/18 17:56 by peter
