Hi, On Tue, Aug 08, 2017 at 08:34:25PM +0200, Xen wrote: > So you can do two things: renew your CRL, or remove it from the > configuration. > > I will let someone answer now who actually has something useful to say > ;-).
Well, that's about the message :-) - a CRL has a lifetime, which can be arbitrarily high (like, 10 years), but if the CRL is rolled with a short lifetime, it needs to be refreshed regularily. OpenVPN 2.3 did not respect the lifetime of the CRL, while 2.4 does - so a setup that worked "just fine" with a long-expired CRL will break after upgrading to 2.4. Sorry for the annoyance, but this is the correct way to handle CRLs. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users