Hi,

> > Got bitten (twice) with the problem that the new OpenVPN version DEMANDS an 
> > up2date CRL file. However, I am still using easyrsa v2.2 and it has no 
> > gen-crl command.
>>[...]
>> What do I need to change in this line?
>>     $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
>> for the crl file to be valid for something like 5 years?
>
> I was never happy with the easyrsa stuff, maybe because it was residing on 
> the system it is supposed to protect.

That is why I have it on a server that most of the time is just off.
In my case I could just stuff it in a zip/tar file and get it out when I need 
it. I only had update last year.

> If you are happy with a windoze implementation of a primitive CA there are a 
> number of them floating around.
> I still use xca which gives you a halfways decent user interface and keeps the 
> key stuff in a database of some sort.

Rather not switch to Windows for that stuff. Like I wrote, I only have a few 
OpenVPN connections and for me easy-rsa is easy enough, it's just that expiration 
date on the CRL file.

I tried
     $OPENSSL ca -gencrl -days $SA_EXPIRE -out "$CRL" -config "$KEY_CONFIG"
but that still generated a crl file for one month.

Bonno Bloksma


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
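
Added example, not part of the original message: in `openssl ca`, `-days` sets certificate validity, while the CRL's nextUpdate comes from `-crldays` (or `default_crl_days` in the config), which is why the attempt above still produced a one-month CRL. The script compares both options on a constructed throwaway CA; the helper name `crl_validity_days`, the temp-dir layout and the use of GNU `date` are assumptions.

```sh
#!/bin/sh
# Added example: builds a constructed throwaway CA in a temp dir and reports
# how many days a freshly generated CRL is valid (nextUpdate - lastUpdate).
# crl_validity_days is a hypothetical helper; date parsing assumes GNU date.
crl_validity_days() {
    days=$1
    opt=${2:--crldays}          # option under test: -crldays or -days
    dir=$(mktemp -d) || return 1
    : > "$dir/index.txt"        # empty CA database, nothing revoked yet
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_crl_days = 30
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Constructed Demo CA
EOF
    # Self-signed demo CA, then a CRL generated with the option under test.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl ca -gencrl "$opt" "$days" -config "$dir/ca.cnf" \
        -out "$dir/crl.pem" 2>/dev/null || { rm -rf "$dir"; return 1; }
    last=$(openssl crl -in "$dir/crl.pem" -noout -lastupdate | cut -d= -f2)
    next=$(openssl crl -in "$dir/crl.pem" -noout -nextupdate | cut -d= -f2)
    rm -rf "$dir"
    # Round to whole days; the two timestamps can differ by a second.
    echo $(( ($(date -u -d "$next" +%s) - $(date -u -d "$last" +%s) + 43200) / 86400 ))
}

echo "-days 1825    -> CRL valid for $(crl_validity_days 1825 -days) days"
echo "-crldays 1825 -> CRL valid for $(crl_validity_days 1825 -crldays) days"
```

Running `openssl crl -in crl.pem -noout -nextupdate` against the CRL file that OpenVPN loads shows the date after which it will be treated as expired.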
