How to delete OpenVPN user login/certificate

Hello. I’ve been using OpenVPN in VyOS for a few years, but only lately have I had the need to delete users, as they left the department.
I do a “source ./vars” under the /config/easy-rsa2 folder.
./revoke-full user_to_delete displays the following error:

Using configuration from /config/easy-rsa2/openssl.cnf
Error opening user_to_delete.crt user_to_delete.crt
140045219112592:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('user_to_delete.crt','r')
140045219112592:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Using configuration from /config/easy-rsa2/openssl.cnf
Error opening certificate file user_to_delete.crt
140666079487632:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('user_to_delete.crt','r')
140666079487632:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate

Nevertheless, crl.pem is created.
If this worked, I guess I could remove the user folder under “/config/easy-rsa2/keys” and manually remove its .pem file.

But I’m stuck. Any ideas, please?

Hi @dave08, which VyOS version are you running?
Did you delete anything from /config/easy-rsa2?

Hello. Thanks for the reply. I’m using version 1.2.5 and didn’t delete anything in that folder…

Any suggestions, please?

Can you send me a PM with the output of ls -R /config/easy-rsa2 and exactly which user you want to delete?

Hi @dave08, the main issue happened because you moved the client certificates to other directories.
As an example, userxxx.crt should be stored in /config/easy-rsa2/keys/, but in your case you moved it to /config/easy-rsa2/keys/userxxx/userxxx.crt. Copy all userxxx.crt files to the keys/ directory and try to revoke again.

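The fix described in the last reply, as an added shell example that is not part of the original thread: it copies every client .crt found one directory below keys/ back into keys/ so that ./revoke-full can open it, and refuses to overwrite a file that already exists with different contents. The function name restore_moved_certs is hypothetical; the default path is the one given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): put client certificates that were
# moved into per-user subdirectories back at the top of the easy-rsa keys
# directory, where revoke-full expects to find <user>.crt.
#
# Usage: restore_moved_certs [KEYS_DIR]
# Prints one line per certificate found in a subdirectory.
# Returns 0 if every such certificate is now available as KEYS_DIR/<name>.crt,
# 1 if a copy failed or a name conflict was found, 2 if KEYS_DIR is missing.
restore_moved_certs() {
    keys_dir=${1:-/config/easy-rsa2/keys}
    [ -d "$keys_dir" ] || { echo "no such directory: $keys_dir" >&2; return 2; }
    status=0
    # Only look one level below keys/ (e.g. keys/userxxx/userxxx.crt);
    # certificates already at the top level are left untouched.
    for src in "$keys_dir"/*/*.crt; do
        [ -f "$src" ] || continue      # the glob matched nothing
        dst="$keys_dir/$(basename "$src")"
        if [ ! -e "$dst" ]; then
            # Copy rather than move, so the per-user folder stays intact.
            cp -p "$src" "$dst" && echo "copied   $src -> $dst" || status=1
        elif cmp -s "$src" "$dst"; then
            echo "present  $dst"
        else
            # Same file name, different contents: never overwrite silently,
            # since revoking the wrong certificate leaves the real one valid.
            echo "conflict $src differs from $dst" >&2
            status=1
        fi
    done
    return $status
}

# After a clean run, revoke as in the original post:
#   cd /config/easy-rsa2 && . ./vars && ./revoke-full user_to_delete
```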