PFSense - Certificates - Revoke Certificate
- Create a new revocation list from System → Cert Manager → Certificate Revocation.
- Add the certificates that should no longer be accepted.
- Assign the new revocation list to the VPN server, here VPN → OpenVPN → Servers.
Select your revocation list from the Peer Certificate Revocation list drop-down.
NOTE: No restart or refresh is needed; the change takes effect immediately. The CRL is consulted when a client's certificate is verified, so a client that is already connected stays connected until its session renegotiates or it reconnects.
Create new Revocation List
Navigate to System → Cert Manager.
Select Certificate Revocation.
- Click Add or Import CRL.
In Create new Revocation List:
- Method: Create an Internal Certificate Revocation List.
- Descriptive name: ShareWiz OpenVPN - Revocation List.
- Certificate Authority: ShareWiz OpenVPN - CA. Select a CA that already exists.
In Internal Certificate Revocation List:
- Lifetime (Days): 3650. Keep this long: once the CRL's Next Update time has passed, OpenVPN rejects every client certificate, not only the revoked ones.
- Serial: 0 (default).
- Click Save.
The new Revocation List now appears in the Certificate Revocation list.
Add a user certificate to the Revocation List
Navigate to System → Cert Manager → Certificate Revocation.
- Click the Pencil Icon to Edit CRL.
- In Choose a Certificate to Revoke, select the user certificate, pick a Reason, and click Add.
This returns to the main Certificate Revocation page, with one certificate showing as on the Revocation list.
Check the user certificate is revoked
Navigate to System → Cert Manager → Certificate Revocation.
- Click the Pencil Icon to Edit CRL.
NOTE: The user certificate is listed under Currently Revoked Certificates, i.e. it is revoked.
Navigate to System → Cert Manager → Certificates. The revoked certificate is flagged as Revoked in the list.
Add the Revocation list to the VPN Server
Navigate to VPN → OpenVPN → Servers.
- Click the Pencil Icon to edit.
In Cryptographic Settings:
- Peer Certificate Revocation list: Select the Revocation list to use. It must be a CRL issued by the CA set as Peer Certificate Authority for this server.
- Click Save.
Test
Try to connect using the VPN client with the revoked certificate. The connection must fail, and Status → System Logs → OpenVPN on pfSense shows the server rejecting the handshake with a VERIFY ERROR (certificate revoked). Then connect with a certificate that is not on the list to confirm the CRL has not blocked normal access.
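The same revoke-then-verify cycle, reproduced offline with openssl as an added example (this is not pfSense's own code or part of the original page). It builds a throw-away CA named after the one on this page, issues two client certificates, puts one on a CRL with a 3650-day lifetime, and verifies both the way OpenVPN's crl-verify does. It also generates a CRL that expires after one second to show the Lifetime caveat: with an expired CRL every client is rejected, not just the revoked one. All file names, CNs and the working directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the pfSense wiki. Builds a throw-away CA, two client
# certs and a CRL with openssl, then verifies the way OpenVPN's crl-verify does.
# Everything under $WORK is constructed for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Minimal config so "openssl ca" can keep its database and sign a CRL.
# default_crl_days mirrors the Lifetime (Days) value used on the page.
write_ca_config() {
  cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = $WORK
database         = \$dir/index.txt
crlnumber        = \$dir/crlnumber
default_md       = sha256
default_crl_days = 3650
EOF
  : > "$WORK/index.txt"
  echo 01 > "$WORK/crlnumber"
}

# Issue a client certificate signed by the demo CA; $1 is the CN and file stem.
issue_client() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "/CN=$1" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/$1.crt" 2>/dev/null
}

setup_pki() {
  write_ca_config
  openssl req -x509 -new -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -out "$WORK/ca.crt" -subj "/CN=ShareWiz OpenVPN - CA" -days 3650 2>/dev/null
  issue_client revoked-user
  issue_client active-user
}

# Mark $1 revoked in the CA database (the GUI's "Choose a Certificate to Revoke -> Add").
revoke_cert() {
  openssl ca -config "$WORK/ca.cnf" -cert "$WORK/ca.crt" -keyfile "$WORK/ca.key" \
    -revoke "$1" -crl_reason keyCompromise 2>/dev/null
}

# Write the CRL to $1; extra arguments (e.g. -crlsec 1) override the lifetime.
gencrl() {
  crl="$1"; shift
  openssl ca -config "$WORK/ca.cnf" -cert "$WORK/ca.crt" -keyfile "$WORK/ca.key" \
    -gencrl "$@" -out "$crl" 2>/dev/null
}

# Verify cert $1 against the CA and CRL $2 as OpenVPN's crl-verify does.
# Returns 0 = rejected because revoked, 1 = accepted, 2 = rejected for another
# reason (e.g. the CRL has expired). The openssl tool prints "OK" after some
# non-fatal errors, so any "error" line counts as a rejection, as in OpenVPN.
cert_status() {
  out=$(openssl verify -crl_check -CAfile "$WORK/ca.crt" -CRLfile "$2" "$1" 2>&1 || true)
  case "$out" in
    *"certificate revoked"*) return 0 ;;
    *"error "*)              return 2 ;;
    *)                       return 1 ;;
  esac
}

# Human-readable summary of cert_status for one certificate.
report() {
  rc=0; cert_status "$1" "$2" || rc=$?
  case "$rc" in
    0) echo "$(basename "$1"): REVOKED - OpenVPN would reject this client" ;;
    1) echo "$(basename "$1"): OK - not on the CRL" ;;
    *) echo "$(basename "$1"): rejected for another reason: $out" ;;
  esac
}

setup_pki
revoke_cert "$WORK/revoked-user.crt"
gencrl "$WORK/crl.pem"                      # lifetime from config: 3650 days
openssl crl -in "$WORK/crl.pem" -noout -nextupdate
report "$WORK/revoked-user.crt" "$WORK/crl.pem"
report "$WORK/active-user.crt"  "$WORK/crl.pem"

# Lifetime caveat: a CRL past its Next Update time fails verification for
# every client, which is why the page keeps the CRL lifetime long.
gencrl "$WORK/crl-short.pem" -crlsec 1
sleep 2
report "$WORK/active-user.crt" "$WORK/crl-short.pem"
```

To check a real pfSense setup the same way, export the CA certificate, the CRL and the user certificate from System → Cert Manager and run the `openssl verify -crl_check` line above against them; a revoked user certificate reports "certificate revoked", and a CRL whose Next Update has passed reports "CRL has expired" for every certificate.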