OpenVPN: Add clients without rebuilding all keys


I've just managed to set up OpenVPN properly on my server and test it to be properly working with client computers, and I came to wonder how OpenVPN keys can be generated as clients come and go.

Is it necessary to rebuild the Diffie-Hellman .dh file and recreate all previous client keys as I just need to add or remove a client?

Thanks

Best Answer

As Ency says, provided you've created your own CA, you simply create another key for the new user. Before any more gets typed, when you set up OpenVPN you did create your own CA, as recommended, didn't you?

Edit: OK, then

cd easy-rsa
. ./vars
./build-key newclient

I also have some notes somewhere about making a CRL, which allows you to revoke old certificates, and pointing OpenVPN at the CRL, but I can't immediately find them.
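Added example, not part of the original answer: the issue and revoke cycle described above, run with plain `openssl` against a throwaway CA in a temp directory. easy-rsa 2.x's `build-key` and `revoke-full` wrap the same `openssl req` / `openssl ca` calls; the client names, the CA name and `ca.cnf` are constructed for the demo.

```shell
# Throwaway CA in a temp dir; every name here is constructed for the demo.
set -eu
W=$(mktemp -d); cd "$W"

setup_ca() {
  mkdir -p ca; : > ca/index.txt; echo 01 > ca/serial
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = req
x509_extensions = v3_ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = ca/index.txt
serial = ca/serial
new_certs_dir = ca
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[pol]
commonName = supplied
EOF
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo-CA" -keyout ca.key -out ca.crt 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null  # empty CRL to start
}
issue_client() {   # $1 = client name; only this client's key and cert are created
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl ca -batch -config ca.cnf -in "$1.csr" -out "$1.crt" 2>/dev/null
}
revoke_client() {  # $1 = client name; marks the cert revoked and reissues the CRL
  openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
}
client_ok() {      # exit 0 if the cert chains to the CA and is not on the CRL
  openssl verify -CAfile ca.crt -crl_check -CRLfile crl.pem "$1.crt" >/dev/null 2>&1
}

setup_ca; issue_client alice; issue_client bob
revoke_client alice
client_ok bob   && echo "bob: still accepted"
client_ok alice || echo "alice: rejected (revoked)"
```

On the OpenVPN server, the `crl-verify` directive in the server config points at the generated `crl.pem`; the CA key, the other clients' keys and the DH parameters are left untouched by either operation.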