Checking expired/revoked certificates
The goal of this recipe is to give an insight into some of the internals of the OpenSSL CA commands. We will show how a certificate's status is changed from "Valid" to "Revoked", or "Expired".
Getting ready
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. This recipe was performed on a computer running CentOS 6 Linux but it can easily be run on Windows or Mac OS.
How to do it...
Before we can use plainÂ
opensslcommands, there are a few environment variables that need to be set. These variables are not set in theÂvarsfile by default:$ cd /etc/openvpn/cookbook $ . ./vars $ export KEY_NAME= $ export OPENSSL_CONF=/etc/openvpn/cookbook/openssl-1.0.0.cnf
Now, we can query the status of a certificate using its serial number:
   $ cd keys   $ openssl x509 -serial -noout -in server.crt   serial=01   $ openssl ca -status 01   Using configuration from /etc/openvpn/cookbook...
