1) Navigate to /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
2) run . ./vars
. ./vars
3) revoke the certificate
./revoke-full CertificateName
4) Move crl.pem located in keys directory to the OpenVpn’s directory
mv /etc/openvpn/easy-rsa/keys/crl.pem /etc/openvpn/
5) make sure the certificate is revoked – check index.txt in keys, there should be a “R” in the first column right next to revoked certificate
nano /etc/openvpn/easy-rsa/keys/index.txt
6) restart or stop & start the OpenVPN server for immediate effect
/etc/init.d/openvpn stop /etc/init.d/openvpn start