Hi Arthur,

Yes, the x509 <https://github.com/openwisp/django-x509> module of OpenWISP 2 has a revocation feature (Admin > Public Key Infrastructure > Certificates > select certificate to revoke > choose "Revoke selected certificates") - BUT, in order to be enforced, the CRL (Certificate Revocation List) must be installed, periodically updated and enforced, so in the case of OpenVPN it means the OpenVPN server configuration must have the CRL option set in order to read from the filesystem, and there should be something like a cronjob which every X hours downloads the CRL and puts it where OpenVPN reads it.

How to find the link to download the CRL? Each Certification Authority has a CRL, so the link can be found by going into the certification authority edit page and then clicking on the "Download CRL" button in the upper right corner, as shown in the following screenshot.

[image: Screenshot from 2018-04-09 11-42-44.png]

I hope this helps.

Thanks for asking this question here and not on chat BTW. Since this is not documented yet, the archived discussion will be indexed on search engines and will surely help out more people in the near future, at least once we'll be able to attract more technical writer contributors who'll help me document all the basic openwisp2 features.

Federico

On Mon, Apr 9, 2018 at 3:14 AM BlancLoup <[email protected]> wrote:
> Hello.
> Is there any certification revocation mechanism at OpenWisp Controller?
> For example, if OpenVPN server certificate was compromised. How to
> distribute newly created certificates for all clients simultaneously?
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenWISP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
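
One way to implement the periodic CRL refresh described in the reply above, as an added example that is not part of the original thread or of OpenWISP's own code. It assumes the "Download CRL" link serves a PEM file; the function names, the script path and `/etc/openvpn/crl.pem` are hypothetical, and the URL is a placeholder for the link copied from the admin page.

```shell
#!/bin/sh
# Added example: refresh the CRL file that OpenVPN reads through its
# `crl-verify` option. Assumption: the CRL is served in PEM format.

# Download to a file. -f makes HTTP errors (404, 500) fail instead of
# saving the error page as if it were a CRL.
fetch_crl() {  # fetch_crl <url> <outfile>
    curl -fsS --max-time 30 -o "$2" "$1"
}

# Accept only a non-empty file that OpenSSL can parse as a PEM CRL.
validate_crl() {  # validate_crl <file>
    [ -s "$1" ] || return 1
    grep -q '^-----BEGIN X509 CRL-----' "$1" || return 1
    openssl crl -in "$1" -noout 2>/dev/null
}

# Replace <dest> only when the candidate validates, so a failed or
# truncated download never overwrites the last good CRL.
install_crl() {  # install_crl <candidate> <dest>
    cand=$1
    dest=$2
    if ! validate_crl "$cand"; then
        echo "CRL update rejected: $cand is not a valid PEM CRL" >&2
        return 1
    fi
    # Stage next to the destination so the final mv is an atomic rename.
    tmp="$dest.new.$$"
    cp "$cand" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}

update_crl() {  # update_crl <url> <dest>
    work=$(mktemp) || return 1
    if fetch_crl "$1" "$work" && install_crl "$work" "$2"; then rc=0; else rc=1; fi
    rm -f "$work"
    return "$rc"
}

# Example crontab entry (every 6 hours; URL is a placeholder):
# 0 */6 * * * /usr/local/sbin/update-crl.sh '<CRL download URL>' /etc/openvpn/crl.pem
if [ "$#" -eq 2 ]; then
    update_crl "$1" "$2"
fi
```

The server configuration then points `crl-verify` at the same destination path, and a non-zero exit from the cron job is worth alerting on, since it means revocations are no longer reaching the VPN server.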
