https://github.com/OpenVPN/easy-rsa/tree/master/doc
Init:
wget https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz
tar xzvf EasyRSA-3.0.1.tgz
cd EasyRSA-3*
vim vars # var.example
./easyrsa init-pki
./easyrsa build-ca
Revoke
. vars
./easyrsa revoke NAME
./easyrsa gen-crl
cp $KEY_DIR/crl.pem ..
vim /etc/openvpn/server.conf #add: crl-verify /etc/openvpn/crl.pem
/etc/init.d/openvpn reload
http://blog.remibergsma.com/2013/02/27/improving-openvpn-security-by-revoking-unneeded-certificates/
Init: #TODO
. vars
./build-ca (or pkitool)
Revoke:
cd /etc/openvpn/easy-rsa/
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/2.0/revoke-full
chmod u+x revoke-full
. vars
./revoke-full NAME
cp $KEY_DIR/crl.pem ..
vim /etc/openvpn/server.conf #add: crl-verify /etc/openvpn/crl.pem
/etc/init.d/openvpn reload