Last active
October 4, 2022 17:59
-
-
Save antoniocampos/86e789c8e5844f6b7a1f187024767e6e to your computer and use it in GitHub Desktop.
Solve OpenVPN 2.4 Error = CRL has expired
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #OpenVPN 2.4 no longer accepts CRLs who's nextUpdate field lies in the past. | |
| # | |
| # me@antoniocampos.net 2017 | |
| # no need for any change at the client side | |
| # you may want to increase the CRL EXPIRE period | |
| # just increase the value default_crl_days = ?? in the openssl.cnf | |
| # tested with Debian 9 and OpenVPN 2.4 | |
| cd /etc/openvpn/2.0/ | |
| export KEY_CN="My VPN Server" | |
| export KEY_OU="IT Dep" | |
| source ./vars | |
| openssl ca -gencrl -keyfile keys/ca.key -cert keys/ca.crt -out keys/crl.pem -config ./openssl.cnf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # me@antoniocampos.net 2020 | |
| # If you use easyrsa, you just have to run | |
| easyrsa gen-crl |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment