List issued/revoked Easy-RSA/OpenVPN certificates

README.md

This script should be placed in the directory that has the easy-rsa directory.

Example output:

# ./list-revoked
Revoked certificates:
=====================

757605D0E1B900FEBEBD0DB92B7CBCD7: C - someuser1
400180B54A45195C6D4872BA268CBC96: C - someuser2
548A1CC3C4A4F74FA2BC3916219E4A43: S - someserver1

# ./list-certs
Issued certificates:
====================

51E8BB7F20FC9C90E91FB619005034F1: C - someuser3
CFF11E535BDB8F1555FE2252E0160BF6: C - someuser4
69C620B5CEE405A36926D71CA68CA8E7: S - someserver2

Where the first column is the certificate follow by C/S for Client/Server types, and the CN for the certificate.

list-certs.sh

#!/bin/bash

# Change working dir to the easy-rsa folder
pushd "$(dirname "$0")/easy-rsa" > /dev/null

echo "Issued certificates:"
echo "===================="
echo

find ./pki/certs_by_serial -iname '*.pem' | while read cert
do
  echo -n "$(basename -s '.pem' $cert): "
  openssl x509 -text -noout -in $cert | grep "TLS Web Server Authentication" &> /dev/null
  if [ "$?" == "0" ]; then
    echo -n "S - "
  else
    echo -n "C - "
  fi
  openssl x509 -text -noout -in $cert | grep "Subject: CN=" | cut -d '=' -f2
done | sort -k3

list-revoked.sh

#!/bin/bash

# Change working dir to the easy-rsa folder
pushd "$(dirname "$0")/easy-rsa" > /dev/null

echo "Revoked certificates:"
echo "====================="
echo

openssl crl  -text -noout -in ./pki/crl.pem | grep "Serial Number:" | cut -d ' ' -f7 | while read serial
do
  echo -n "$serial: "
  openssl x509 -text -noout -in ./pki/revoked/certs_by_serial/$serial.crt | grep "TLS Web Server Authentication" &> /dev/null
  if [ "$?" == "0" ]; then
    echo -n "S - "
  else
    echo -n "C - "
  fi

  openssl x509 -text -noout -in ./pki/revoked/certs_by_serial/$serial.crt | grep "Subject: CN=" | cut -d '=' -f2
done | sort -k2