On Tue, Aug 08, 2017 at 08:34:25PM +0200, Xen wrote:
> So you can do two things: renew your CRL, or remove it from the 
> configuration.
> I will let someone answer now who actually has something useful to say 
> ;-).

Well, that's about the message :-) - a CRL has a lifetime, which can
be arbitrarily high (like, 10 years), but if the CRL is rolled with a
short lifetime, it needs to be refreshed regularily.

OpenVPN 2.3 did not respect the lifetime of the CRL, while 2.4 does - so
a setup that worked "just fine" with a long-expired CRL will break
after upgrading to 2.4.  Sorry for the annoyance, but this is the correct
way to handle CRLs.


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-users mailing list

Reply via email to