請都openvpn吊銷證書出錯

請都openvpn吊銷證書出錯

我看了許多文章，都介紹說用revoke-full name就可以吊銷證書了，
為什麼我的偏偏不可以，運行后出現如何錯誤：
C:\Program Files\OpenVPN\easy-rsa>revoke-full Client01
C:\Program Files\OpenVPN\easy-rsa
unknown option -config
usage: ca args

-verbose        - Talk alot while doing things
-config file    - A config file
-name arg       - The particular CA definition to use
-gencrl         - Generate a new CRL
-crldays days   - Days is when the next CRL is due
-crlhours hours - Hours is when the next CRL is due
-startdate YYMMDDHHMMSSZ  - certificate validity notBefore
-enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
-days arg       - number of days to certify the certificate for
-md arg         - md to use, one of md2, md5, sha or sha1
-policy arg     - The CA 'policy' to support
-keyfile arg    - private key file
-keyform arg    - private key file format (PEM or ENGINE)
-key arg        - key to decode the private key if it is encrypted
-cert file      - The CA certificate
-in file        - The input PEM encoded certificate request(s)
-out file       - Where to put the output file(s)
-outdir dir     - Where to put output certificates
-infiles ....   - The last argument, requests to process
-spkac file     - File contains DN and signed public key and challenge
-ss_cert file   - File contains a self signed cert to sign
-preserveDN     - Don't re-order the DN
-noemailDN      - Don't add the EMAIL field into certificate' subject
-batch          - Don't ask questions
-msie_hack      - msie modifications to handle all those universal strings
-revoke file    - Revoke a certificate (given in file)
-subj arg       - Use arg instead of request's subject
-extensions ..  - Extension section (override value in config file)
-extfile file   - Configuration file with X509v3 extentions to add
-crlexts ..     - CRL extension section (override value in config file)
-engine e       - use engine e, possibly a hardware device.
-status serial  - Shows certificate status given the serial number
-updatedb       - Updates db for expired certificates
unknown option -config
usage: ca args

-verbose        - Talk alot while doing things
-config file    - A config file
-name arg       - The particular CA definition to use
-gencrl         - Generate a new CRL
-crldays days   - Days is when the next CRL is due
-crlhours hours - Hours is when the next CRL is due
-startdate YYMMDDHHMMSSZ  - certificate validity notBefore
-enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
-days arg       - number of days to certify the certificate for
-md arg         - md to use, one of md2, md5, sha or sha1
-policy arg     - The CA 'policy' to support
-keyfile arg    - private key file
-keyform arg    - private key file format (PEM or ENGINE)
-key arg        - key to decode the private key if it is encrypted
-cert file      - The CA certificate
-in file        - The input PEM encoded certificate request(s)
-out file       - Where to put the output file(s)
-outdir dir     - Where to put output certificates
-infiles ....   - The last argument, requests to process
-spkac file     - File contains DN and signed public key and challenge
-ss_cert file   - File contains a self signed cert to sign
-preserveDN     - Don't re-order the DN
-noemailDN      - Don't add the EMAIL field into certificate' subject
-batch          - Don't ask questions
-msie_hack      - msie modifications to handle all those universal strings
-revoke file    - Revoke a certificate (given in file)
-subj arg       - Use arg instead of request's subject
-extensions ..  - Extension section (override value in config file)
-extfile file   - Configuration file with X509v3 extentions to add
-crlexts ..     - CRL extension section (override value in config file)
-engine e       - use engine e, possibly a hardware device.
-status serial  - Shows certificate status given the serial number
-updatedb       - Updates db for expired certificates
系統找不到指定的文件。
Error loading file \revoke_test_file.pem
2464:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\
bss_file.c:104:fopen('\revoke_test_file.pem','r')
2464:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file
.c:107:
2464:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
:.\crypto\x509\by_file.c:274:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_
check] [-engine e] cert1 cert2 ...
recognized usages:
        sslclient       SSL client
        sslserver       SSL server
        nssslserver     Netscape SSL server
        smimesign       S/MIME signing
        smimeencrypt    S/MIME encryption
        crlsign         CRL signing
        any             Any Purpose
        ocsphelper      OCSP helper
找不到 C:\revoke_test_file.pem

C:\Program Files\OpenVPN\easy-rsa>

請問有沒有可以答覆我這個問題啊

CA.pl/CA.sh

回復 3樓 namei 的帖子

「CA.pl/CA.sh「是什麼意思啊

搞定了，最後還是在官方的英文網站上找到答案

原帖由 jack.jian 於 2007-2-10 11:19 發表
搞定了，最後還是在官方的英文網站上找到答案
能分享下經驗嗎
E文差得很。。。

要在運行註銷命令前運行 vars

完整格式
vars
revoke-full client2

Tags: