CODEWITHSUNDEEP
opensslopenvpn
BeWog
BeWog

Reputation: 53

What do crl-verify ? (command not found)

I try to revoke a certificate for OpenVPN. Everywhere, I find this command:

crl-verify crl.pem

But i can't verify because this command does not exist. What do this command ? Still exist or replace by an other ?

Thanks

Edit:

# openvpn --version
OpenVPN 2.4.12 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 17 2022
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown 
  enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no 
  enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no 
  enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Upvotes: 2

Views: 2395

Answers (1)

cephes
cephes

Reputation: 46

EDIT:

You should normally add the crl-verify /path/to/crl.pem directive to your server.conf and restart the openvpn server.

Original:

crl-verify is an option of openvpn command.

Try the following: openvpn --crl-verify /path/to/crl.pem

For more options check: man openvpn

Upvotes: 3

Related Questions