VPN revocation
cd /etc/openvpn/easy-rsa
./easyrsa --batch revoke prenom
./easyrsa --batch revoke prenom-mobile
./easyrsa gen-crl
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
systemctl restart openvpn
The line
crl-verify crl.pem
must be added to /etc/openvpn/server.conf
This should be done with the retired list of names in the openvpn role variables