Hi,
Got bitten (twice) with the problem that the new OpenVPN version DEMANDS an
up2date CRL file. However, I am still using easyrsa v2.2 and it has no gen-crl
command.
I created a copy of revoke-full and deleted the revoke stuff so it just creates
a new crl file.
So far, that works. But..... this crl is only valid for one month, how do I
create one that is valid for a looong time?
What do I need to change in this line?
$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
ror the crl file to be valid for something like 5 years?
I have almost no key updates, this is a static environment with currently just
3 links, so just a few keys/certs that will never change. I control all clients
so I could even just delete a key on the client if I don't want to use it
anymore.
Only when I suspect some foul play would I ever need to revoke a key.
Bonno Bloksma
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
