Patrick Lodder wrote:
Isn't it so that the fact if a certificate is in "revoked" state
depends whether or not it's listed in a crl-file?
Then the matter of un-revoking is simple: just remove it't listing
from the crl-file or regenarate the crl-file without the to be
un-revoked certificate
There's really two ways to do this:
(1) Accept all signed certificates EXCEPT what is listed in the CRL (the
--crl-verify method).
(2) Accept no signed certificate unless it is explicitly named in the
--client-config-dir directory (the --ccd-exclusive method).
James
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|