https://superuser.com/questions/1244807/openvpn-server-disable-and-reenable-clients
[root@iZbp1fna7ky0qz2jbj7gfpZ 2.0]# pwd
/usr/local/openvpn-2.3.17/easy-rsa/2.0
source vars
[root@iZbp1fna7ky0qz2jbj7gfpZ 2.0]# /usr/local/openvpn-2.3.17/easy-rsa/2.0/revoke-full /usr/local/openvpn-2.3.17/easy-rsa/2.0/keys/cert_37
Using configuration from /usr/local/openvpn-2.3.17/easy-rsa/2.0/openssl-1.0.0.cnf
ERROR:Already revoked, serial number 2A
如果想恢复(取消吊销)该证书:
cat /usr/local/openvpn-2.3.17/easy-rsa/2.0/keys/index.txt
将该证书所在行开头的 R 改为 V,并清空第三列的吊销时间;各字段必须仍以 tab 分隔(空的第三列两侧的 tab 也要保留),否则 openssl 无法解析 index.txt。
source vars
openssl ca -gencrl -out "keys/crl.pem" -config "$KEY_CONFIG"
revoke.sh:
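#!/bin/bash
#
# revoke.sh - revoke an easy-rsa 2.0 client certificate, then ask the running
# OpenVPN server to drop that client's current session.
#
# Usage:   revoke.sh <client-common-name>
# Returns: 0 if the certificate is revoked on exit (newly or already),
#          1 on any error.
#
# NOTE(review): revocation is only enforced if the server configuration loads
# the CRL that revoke-full writes (OpenVPN's `crl-verify` directive). That is
# not visible from this script -- confirm it on the server.

easy_rsa_dir=/usr/share/easy-rsa
keys_index_file=$easy_rsa_dir/keys/index.txt

# The name is used as a file name by revoke-full and is written into a command
# line for the line-oriented management interface, so anything that could
# change the path or add a second command line is refused up front.
if [[ $# -ne 1 || -z $1 || $1 == -* || $1 == */* || $1 =~ [[:space:][:cntrl:]] ]]; then
  echo "Usage: ${0##*/} <client-common-name>" >&2
  exit 1
fi
client_cn=$1

#######################################
# Summarise the index entries of one CN.
# index.txt is TAB-separated: status, expiry, revocation date (empty while the
# certificate is valid), serial, file name, subject DN. Splitting on tabs keeps
# a DN that contains spaces in one field, and the name is matched as a literal
# string rather than as a regular expression.
# Arguments: $1 - common name
# Outputs:   "<valid> <revoked> <malformed>" on stdout
#######################################
summarise_entries() {
  needle="/CN=$1/" awk -F'\t' '
    index($0, ENVIRON["needle"]) == 0 { next }
    NF == 6 && $1 == "V" && $3 == "" { valid++; next }
    NF == 6 && $1 == "R" && $3 != "" { revoked++; next }
    { malformed++ }
    END { printf "%d %d %d\n", valid, revoked, malformed }
  ' "$keys_index_file"
}

if ! counts=$(summarise_entries "$client_cn"); then
  echo "Error; cannot read $keys_index_file." >&2
  exit 1
fi
read -r valid revoked malformed <<<"$counts"

if (( malformed > 0 )); then
  echo "Error; key index file may be corrupted."
  exit 1
fi
if (( valid + revoked == 0 )); then
  echo "Error; no certificate with CN '$client_cn' in $keys_index_file." >&2
  exit 1
fi
if (( valid == 0 )); then
  echo "Client certificate is already revoked."
  exit 0
fi

# easy-rsa 2.0's stock vars file derives its paths from the current directory
# (presumably the reason the page's transcript runs `source vars` from inside
# the easy-rsa directory), so change there before sourcing it.
cd "$easy_rsa_dir" || { echo "Error; cannot cd to $easy_rsa_dir." >&2; exit 1; }
source ./vars
"$easy_rsa_dir/revoke-full" "$client_cn"

# Do not trust revoke-full's exit status: it finishes with a verification step
# that is expected to report the certificate as revoked. Re-read the index and
# confirm that no valid entry is left for this CN.
if ! counts=$(summarise_entries "$client_cn"); then
  echo "Error; cannot read $keys_index_file." >&2
  exit 1
fi
read -r valid revoked malformed <<<"$counts"
if (( valid > 0 )); then
  echo "Error; certificate for '$client_cn' is still marked valid in $keys_index_file." >&2
  exit 1
fi

# Best effort: the CRL blocks future connections, this drops the session that
# may already be established. Nothing here checks the server's reply.
# NOTE(review): assumes the management interface listens on localhost:7505
# without a password -- confirm, and keep that port unreachable for
# unprivileged local users.
{
  sleep 3
  echo "kill $client_cn"
  sleep 3
  echo exit
} | telnet localhost 7505

echo "Client certificate revoked successfully."
exit 0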
unrevoke.sh:
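#!/bin/bash
#
# unrevoke.sh - re-enable a revoked easy-rsa 2.0 client certificate by marking
# its index.txt entry valid again and regenerating the CRL.
#
# Usage:   unrevoke.sh <client-common-name>
# Returns: 0 if the certificate is active on exit (re-enabled or already
#          active), 1 on any error.
#
# Re-enabling is meant for clients that were disabled administratively. If the
# private key may have been exposed, issue a new certificate instead.

easy_rsa_dir=/usr/share/easy-rsa
keys_index_file=$easy_rsa_dir/keys/index.txt

# Refuse names that could not be a plain easy-rsa certificate name.
if [[ $# -ne 1 || -z $1 || $1 == -* || $1 == */* || $1 =~ [[:space:][:cntrl:]] ]]; then
  echo "Usage: ${0##*/} <client-common-name>" >&2
  exit 1
fi
client_cn=$1

#######################################
# Summarise the index entries of one CN.
# index.txt is TAB-separated: status, expiry, revocation date (empty while the
# certificate is valid), serial, file name, subject DN. Splitting on tabs keeps
# a DN that contains spaces in one field, and the name is matched as a literal
# string rather than as a regular expression.
# Arguments: $1 - common name
# Outputs:   "<valid> <revoked> <malformed>" on stdout
#######################################
summarise_entries() {
  needle="/CN=$1/" awk -F'\t' '
    index($0, ENVIRON["needle"]) == 0 { next }
    NF == 6 && $1 == "V" && $3 == "" { valid++; next }
    NF == 6 && $1 == "R" && $3 != "" { revoked++; next }
    { malformed++ }
    END { printf "%d %d %d\n", valid, revoked, malformed }
  ' "$keys_index_file"
}

if ! counts=$(summarise_entries "$client_cn"); then
  echo "Error; cannot read $keys_index_file." >&2
  exit 1
fi
read -r valid revoked malformed <<<"$counts"

if (( malformed > 0 )); then
  echo "Error; Key index file may be corrupted."
  exit 1
fi
if (( valid + revoked == 0 )); then
  echo "Error; no certificate with CN '$client_cn' in $keys_index_file." >&2
  exit 1
fi
if (( valid > 0 )); then
  # An active certificate already exists for this CN; leave the index alone.
  echo "Certificate is already unrevoked and active"
  exit 0
fi
if (( revoked > 1 )); then
  echo "Error; several revoked entries for CN '$client_cn'; edit $keys_index_file by hand." >&2
  exit 1
fi

# Rewrite the entry in place through awk instead of echo -e: the fields are
# copied byte-for-byte (no backslash interpretation, no splitting of a DN that
# contains spaces) and the entry keeps its position in the file. The result is
# built in a temporary file in the same directory and renamed over the index,
# so an interrupted run cannot leave a half-written CA database.
tmp_index=$(mktemp "$keys_index_file.XXXXXX") || {
  echo "Error; cannot create a temporary file next to $keys_index_file." >&2
  exit 1
}
trap 'rm -f -- "$tmp_index"' EXIT

# Copy first so the temporary file carries the index's mode and ownership.
if ! cp -p -- "$keys_index_file" "$tmp_index" ||
   ! needle="/CN=$client_cn/" awk -F'\t' -v OFS='\t' '
       index($0, ENVIRON["needle"]) && $1 == "R" { $1 = "V"; $3 = "" }
       { print }
     ' "$keys_index_file" > "$tmp_index" ||
   ! mv -f -- "$tmp_index" "$keys_index_file"; then
  echo "Error; could not update $keys_index_file." >&2
  exit 1
fi

# vars is sourced from inside the easy-rsa directory, as in the page's
# transcript; the relative keys/crl.pem path below depends on it too.
cd "$easy_rsa_dir" || { echo "Error; cannot cd to $easy_rsa_dir." >&2; exit 1; }
source ./vars
if ! openssl ca -gencrl -out "keys/crl.pem" -config "$KEY_CONFIG"; then
  # The index is already updated, but the old CRL still lists this certificate.
  echo "Error; index updated but CRL regeneration failed; rebuild keys/crl.pem." >&2
  exit 1
fi

echo "Certificate unrevoked successfully."
exit 0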