OpenVPN-2.1.1HowTo/Revocar los Certificados de un Cliente

De WikiCabal
Ir a la navegación Ir a la búsqueda

Revocar los Certificados de un Cliente

[root@Charon 2.0]# ./build-key AlexBarrago
Generating a 1024 bit RSA private key
.........++++++
...++++++
writing new private key to 'AlexBarrago.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MX]:
State or Province Name (full name) [Jalisco]:
Locality Name (eg, city) [Guadalajara]:
Organization Name (eg, company) [LinuxCabal A.C.]:
Organizational Unit Name (eg, section) []:Tutorial
Common Name (eg, your name or your server's hostname) [AlexBarrago]:
Name []:rrc
Email Address [rrc@LinuxCabal.org]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'MX'
stateOrProvinceName   :PRINTABLE:'Jalisco'
localityName          :PRINTABLE:'Guadalajara'
organizationName      :PRINTABLE:'LinuxCabal A.C.'
organizationalUnitName:PRINTABLE:'Tutorial'
commonName            :PRINTABLE:'AlexBarrago'
name                  :PRINTABLE:'rrc'
emailAddress          :IA5STRING:'rrc@LinuxCabal.org'
Certificate is to be certified until Oct 17 22:20:45 2013 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@Charon 2.0]# 
[root@haron 2.0]# ls -al keys
total 80
drwxr-xr-x 2 root root 4096 2012-10-17 17:20 ./
drwxr-xr-x 3 root root 4096 2012-10-17 16:03 ../
-rw-r--r-- 1 root root 4238 2012-10-17 16:57 00.pem
-rw-r--r-- 1 root root 4094 2012-10-17 17:20 01.pem
-rw-r--r-- 1 root root 4094 2012-10-17 17:20 AlexBarrago.crt
-rw-r--r-- 1 root root  741 2012-10-17 17:20 AlexBarrago.csr
-rw------- 1 root root  916 2012-10-17 17:20 AlexBarrago.key
-rw-r--r-- 1 root root 1452 2012-10-17 16:35 ca.crt
-rw------- 1 root root  916 2012-10-17 16:35 ca.key
-rw-r--r-- 1 root root 4238 2012-10-17 16:57 charon.linuxcabal.org.crt
-rw------- 1 root root  912 2012-10-17 16:57 charon.linuxcabal.org.key
-rw-r--r-- 1 root root  245 2012-10-17 16:05 dh1024.pem
-rw-r--r-- 1 root root  300 2012-10-17 17:20 index.txt
-rw-r--r-- 1 root root   21 2012-10-17 17:20 index.txt.attr
-rw-r--r-- 1 root root   21 2012-10-17 16:57 index.txt.attr.old
-rw-r--r-- 1 root root  155 2012-10-17 16:57 index.txt.old
-rw-r--r-- 1 root root    3 2012-10-17 17:20 serial
-rw-r--r-- 1 root root    3 2012-10-17 16:57 serial.old
[root@Charon 2.0]# 
[root@Charon 2.0]# cat keys/index.txt
V	131017215727Z		00	unknown	/C=MX/ST=Jalisco/L=Guadalajara/O=LinuxCabal A.C./OU=Tutorial/CN=charon.linuxcabal.org/name=rrc/emailAddress=rrc@LinuxCabal.org
V	131017222045Z		01	unknown	/C=MX/ST=Jalisco/L=Guadalajara/O=LinuxCabal A.C./OU=Tutorial/CN=AlexBarrago/name=rrc/emailAddress=rrc@LinuxCabal.org
[root@Charon 2.0]# 
[root@Charon 2.0]# cat keys/index.txt.attr
unique_subject = yes
[root@Charon 2.0]# 
[root@Charon 2.0]# cat keys/serial
02
[root@Charon 2.0]# 
[root@Charon 2.0]# rm keys/AlexBarrago.csr 
rm: remove regular file `keys/AlexBarrago.csr'? y
[root@Charon 2.0]# 

Explicación