Bug #555
closedCertificate Revocation List (CRL) missing from Certificate Manager
100%
Description
There is no place in the 2.0 GUI to handle certificate revocation. The best fit seems to be in the Certificate Manager on the Certificates tab, perhaps a button between the download options and the delete choice that will pull up a page where you can edit a certificate's CRL.
Will also need some backend code on at least OpenVPN to detect the presence of the CRL and use as needed.
Updated by Jim Pingle over 14 years ago
- % Done changed from 0 to 60
It's still a work in progress, but at the moment you can at least import an external CRL and assign it to an openvpn instance. The backend functions are there to manage user certificate revocation but it still needs some GUI work to make it happen.
Updated by Jim Pingle over 14 years ago
Also, as a note to myself: It still needs upgrade code to handle existing CRLs
Updated by Jim Pingle about 14 years ago
I've made some more CRL commits today. Once the new snapshot is up, it should (in theory) be capable of revoking a cert via the CRL tab. The CRL patches to OpenSSL were lost (I added them back in) so it needs more testing once the new build is complete.
Updated by Jim Pingle about 14 years ago
- Status changed from New to Feedback
- % Done changed from 60 to 100
This should be feature-complete as far as I can tell, unless anyone has any more ideas about how it should be changed.
You can revoke a cert, and the client can't reconnect, then remove it from the CRL and they can connect again.
Right now the only place a CRL can be used is from the OpenVPN server page. If there are any other areas where it might be used, let me know. I don't see any way to use it in IPsec, and I'm not sure if anywhere else in the system would even be capable of it.
The next new snapshot dated after this post should contain all of the code needed to work with CRLs.
Updated by Jim Pingle about 14 years ago
Applied in changeset 62b262e4766bcd5e46b4191e0f618087b78d8f40.
Updated by Chris Buechler almost 14 years ago
- Status changed from Feedback to Resolved