35 lines
No EOL
1 KiB
Text
35 lines
No EOL
1 KiB
Text
@startuml openVpnRevokeClientCertificate
|
|
actor Admin as adm
|
|
participant "Amnezia Client" as cli
|
|
participant "Amnezia Container" as cont
|
|
participant "OpenVpn Service" as ovpn
|
|
|
|
adm -> cli: revoke the selected client certificate
|
|
cli -> cli: start busy indicator
|
|
cli -> cont: execute script "revoke openvpn client"
|
|
|
|
cont -> cont: cd /opt/amnezia/openvpn
|
|
cont -> cont: easyrsa revoke openvpnCertId
|
|
cont -> cont: easyrsa gen-crl
|
|
cont -> cont: cp pki/crl.pem crl.pem
|
|
cont -> cont: add crl-verify crl.pem to server.conf
|
|
cont -> ovpn: restart openvpn service
|
|
note right
|
|
In the OpenVpn config
|
|
there should be a line "crl-verify crl.pem".
|
|
After that, the service will ignore
|
|
the certificates contained in the crl.pem file
|
|
end note
|
|
|
|
|
|
group#lightgreen #lightgreen if [successful case]
|
|
ovpn --> cont: restart result
|
|
cont --> cli: back to the client management page
|
|
else #pink some kind of failure
|
|
cont --> cli: display an error depending on when it occurred
|
|
end
|
|
|
|
cli -> cli: stop busy indicator
|
|
cli --> adm: return control to the user
|
|
|
|
@enduml |