Hi Bonno Am 11.03.2019 um 10:55 schrieb Bonno Bloksma: > Hi, > > Got bitten (twice) with the problem that the new OpenVPN version DEMANDS an > up2date CRL file. However, I am still using easyrsa v2.2 and it has no > gen-crl command. > > I created a copy of revoke-full and deleted the revoke stuff so it just > creates a new crl file. > So far, that works. But..... this crl is only valid for one month, how do I > create one that is valid for a looong time? > What do I need to change in this line? > $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" > ror the crl file to be valid for something like 5 years?
I was never happy with the easyrsa stuff as it may becaus it was residing on the system it is supposed to protect. If you are happy with a windoze implementation of a primitive CA there are a number of them floating around. I still use xca which gives you a halfways decent user interface and keeps he key stuff in a database of some sort. cheers ET
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
