openvpn-ui

Deleting a revoked client leads to the 404 page

Open zawyelwin opened this issue 1 year ago • 5 comments

When attempting to delete a revoked client, the action redirects to a 404 error page. The deletion process works perfectly if the client is deleted immediately after revocation. However, if the page is refreshed before attempting to delete the client, it results in a 404 error page.

zawyelwin, Jun 10 '24 09:06

Hi @zawyelwin, thanks for reporting.

Let me test it, looks like a bug.

EDIT: Did you try to delete certs created with the UI, or were they old certificates?

I tried to test it with 0.9.5.4 and the 0.5.4 openvpn-server container; it seems to work fine now, but my test is not complete yet. I have a few reworked certs which I will try to delete tomorrow.

d3vilh, Jun 16 '24 17:06

I tried to delete the certs created from the UI. I am also using the same versions as yours. BTW, I set it up using https://github.com/d3vilh/openvpn-aws.

Thanks for looking into it.

zawyelwin, Jun 18 '24 19:06

I am having the same problem and I am not running openvpn-aws. It seems like the UI got stuck thinking that there is a cert to be deleted; when you try to delete it (press the delete button), it redirects you to the 404 page.

GoranTopic, Jun 25 '24 16:06

The issue likely occurred in this section

// @router /certificates/burn/:key/:serial/:tfaname [get]
func (c *CertificatesController) Burn() {
	c.TplName = "certificates.html"
	flash := web.NewFlash()
	CN := c.GetString(":key")
	serial := c.GetString(":serial")
	tfaname := c.GetString(":tfaname")
	logs.Info("Controller: Burning certificate with parameters: CN=%s, serial=%s, tfaname=%s", CN, serial, tfaname)
	if err := lib.BurnCertificate(CN, serial, tfaname); err != nil {
		logs.Error(err)
		//flash.Error(err.Error())
		//flash.Store(&c.Controller)
	} else {
		flash.Success("Success! Certificate for the name \"" + CN + "\" and serial  \"" + serial + "\"  has been removed")
		flash.Store(&c.Controller)
	}
	c.showCerts()
}

The Delete (Burn) function expects three parameters (dynamic variables) from the router annotation:

- CN Name (Common Name)
- Serial
- TFAname (ex : [email protected])

In my case, a 404 page was returned because the TFAname parameter was missing. Therefore, you can remove certificates using the curl command with the appropriate parameters using the following URL structure:

/host/certificates/burn/CNname/Serial/TFAname

For example

# Replace with actual values
curl "https://yourdomain.com/certificates/burn/john.doe/ABC123/[email protected]"

Thanks! I hope this helps!

Leeeuijooo, Oct 28 '24 04:10

Burn should work fine without TFAname. Let me try to reproduce it now. So I created a new cert (revoking) and revoked it within a minute:

2024/12/27 20:54:46.617 [I] [certificates.go:142]  Controller: Creating certificate with parameters: Name=revoking, Staticip=10.0.0.1, Passphrase=, ExpireDays=888, [email protected], Country=CY, Province=PF, City="Paphos", Org="Evacuation", OrgUnit="MyOrganizationalUnit", TFAName=, TFAIssuer=
2024/12/27 20:54:46.617 [I] [certificates.go:119]  Lib: Creating certificate with parameters: name=revoking, staticip=10.0.0.1, passphrase=, expiredays=888, [email protected], country=CY, province=PF, city="Paphos", org="Evacuation", orgunit="MyOrganizationalUnit", tfaname=, tfaissuer=
2024/12/27 20:54:46.617 [D] [utils.go:51]

Then I'll close the tab and load it again in incognito mode, after a UI container restart and 10 minutes of chill with a cup of chai. Then I'll try to remove it.

UPDATE:

So, what I did is even better -

I opened a session in a new browser (Firefox; previously I used Safari) and deleted this revoked certificate without any issue:

2024/12/27 21:10:00.510 [I] [certificates.go:192]  Controller: Burning certificate with parameters: CN=revoking, serial=76C27313280F651132AAC620136D8641, tfaname=none
2024/12/27 21:10:00.510 [I] [certificates.go:281]  Lib: Burning certificate with parameters: CN=revoking, serial=76C27313280F651132AAC620136D8641, tfaname=none

I tested it in the new UI version, 0.9.5.6rc, but in the current 0.9.5.5 this works exactly the same.

All the cert details are read by the lib function ReadCerts from the index.txt file.

If the index file is not touched, then we should be good.

d3vilh, Dec 27 '24 21:12
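
The missing-segment 404 described in Leeeuijooo's comment and the `tfaname=none` value in the maintainer's log can be modelled as below. This is an added example, not openvpn-ui code: it assumes the router only matches three non-empty path segments, and `burnPath`, `matchBurn` and `burnStatus` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

const burnPrefix = "/certificates/burn/"

// burnPath builds the delete link; an empty TFA name becomes the "none" placeholder seen in the log.
func burnPath(cn, serial, tfaname string) string {
	if tfaname == "" {
		tfaname = "none"
	}
	return burnPrefix + url.PathEscape(cn) + "/" + url.PathEscape(serial) + "/" + url.PathEscape(tfaname)
}

// matchBurn models strict matching (assumption): exactly three non-empty segments, else no route.
func matchBurn(p string) (params [3]string, ok bool) {
	segs := strings.Split(strings.TrimPrefix(p, burnPrefix), "/")
	if !strings.HasPrefix(p, burnPrefix) || len(segs) != 3 {
		return params, false
	}
	for i, s := range segs {
		// A decode error leaves the value empty, so it is rejected like a missing segment.
		if params[i], _ = url.PathUnescape(s); params[i] == "" {
			return params, false
		}
	}
	return params, true
}

// burnStatus sends a GET through a handler built on matchBurn and returns the HTTP status.
func burnStatus(path string) int {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := matchBurn(r.URL.EscapedPath()); !ok {
			http.NotFound(w, r)
		}
	})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	fmt.Println(burnStatus(burnPrefix+"revoking/ABC123/"), burnStatus(burnPath("revoking", "ABC123", "")))
}
```

A link rendered with an empty third segment returns 404 under this model, while the same certificate addressed with the `none` placeholder reaches the handler.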