1、生成证书吊销列表
/usr/share/easy-rsa/easyrsa gen-crl
cp /etc/openvpn/easyrsa/pki/crl.pem /etc/openvpn/server/vpn2、增加openvpn的服务配置
crl-verify /etc/openvpn/server/vpn/crl.pem3、启动openvpn服务
systemctl enable openvpn-server@vpn
systemctl start openvpn-server@vpn
systemctl status openvpn-server@vpn4、注销证书
/usr/share/easy-rsa/easyrsa revoke ai
#重新生成注销列表
/usr/share/easy-rsa/easyrsa gen-crl
cp /etc/openvpn/easyrsa/pki/crl.pem /etc/openvpn/server/vpn/crl.pem
#重启vpn服务
systemctl restart openvpn-server@vpn