Update documentation

Add ovpn_revokeclient usage to client.md and docker-compose.md
2017-05-02 18:10:12 +02:00 · 2017-05-02 18:10:12 +02:00 · 5aea8b914c
commit 5aea8b914c
parent a091bef13b
2 changed files with 15 additions and 3 deletions
--- a/docs/clients.md
+++ b/docs/clients.md
@ -34,9 +34,12 @@ After doing so, you will find the following files in each of the `$cn` directori

 ## Revoking Client Certificates

-Revoke `client1`'s certificate and generate the certificate revocation list (CRL):
+Revoke `client1`'s certificate and generate the certificate revocation list (CRL) using [`ovpn_revokeclient`](/bin/ovpn_revokeclient) script :

-    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa revoke client1
-    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa gen-crl
+    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn ovpn_revokeclient client1

 The OpenVPN server will read this change every time a client connects (no need to restart server) and deny clients access using revoked certificates.
+
+You can optionally pass `remove` as second parameter to ovpn_revokeclient to remove the corresponding crt, key and req files :
+
+    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn ovpn_revokeclient client1 remove
--- a/docs/docker-compose.md
+++ b/docs/docker-compose.md
@ -59,6 +59,15 @@ docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass
 docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
 ```

+* Revoke a client certificate
+
+```bash
+# Keep the corresponding crt, key and req files.
+docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME
+# Remove the corresponding crt, key and req files.
+docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove
+```
+
 ## Debugging Tips

 * Create an environment variable with the name DEBUG and value of 1 to enable debug output (using "docker -e").