[Openvpn-users] CRL: cannot read CRL from file /etc/openvpn/ca/crl.pem

Tue, 13 Jun 2023 01:44:17 -0700 

Using openvpn 2.6.4-focal0 (on Ubuntu focal 20.04)

My log says:

Jun 13 03:06:23 openvpn-igel-int tcp[452155]: OpenSSL: error:140E0197:SSL 
routines:SSL_shutdown:shutdown while in init
Jun 13 03:06:23 openvpn-igel-int tcp[452155]: OpenSSL: error:140E0197:SSL 
routines:SSL_shutdown:shutdown while in init
Jun 13 03:06:23 openvpn-igel-int tcp[452155]: OpenSSL: error:0909006C:PEM 
routines:get_name:no start line
Jun 13 03:06:23 openvpn-igel-int tcp[452155]: CRL: cannot read CRL from file 
/etc/openvpn/ca/crl.pem

So I thought "Maybe the CRL file is filled with junk...", and checked:

# openssl crl -text -in /etc/openvpn/ca/crl.pem -noout |head
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC = de, DC = charite, CN = Charite Zertifizierungsstelle
        Last Update: Jun  8 10:03:43 2023 GMT
        Next Update: Jun 18 10:23:43 2023 GMT
        CRL extensions:
           X509v3 Authority Key Identifier: 
              keyid:FB:EC:2F:AC:D8:E8:CA:70:20:62:C9:1D:08:A4:23:CA:44:BC:B3:41

This looks fairly valid to me.

# head /etc/openvpn/ca/crl.pem
-----BEGIN X509 CRL-----
MIIOaTCCDVECAQEwDQYJKoZIhvcNAQELBQAwVTESMBAGCgmSJomT8ixkARkWAmRl
MRcwFQYKCZImiZPyLGQBGRYHY2hhcml0ZTEmMCQGA1UEAxMdQ2hhcml0ZSBaZXJ0
aWZpemllcnVuZ3NzdGVsbGUXDTIzMDYwODEwMDM0M1oXDTIzMDYxODEwMjM0M1ow
ggpJMCQCE3UADcE1IAuIHeLKx44AAgANwTUXDTIzMDUyNTExMDczMlowJAITdQAT
+h3Lq9ilivNckgACABP6HRcNMjMwNTI1MTA0NTIwWjAkAhN1ABP6HDxa3jJ/Xtio
AAIAE/ocFw0yMzA1MjUxMDQ1MDdaMCQCE3UAE/XD/f6IxZwK1TYAAgAT9cMXDTIz
MDUxMTE0NDExMFowJAITdQAT9b5x61pgDNs5sAACABP1vhcNMjMwNTExMTQzMTA3
WjAkAhN1ABPGOjUNAfEgY+NpAAIAE8Y6Fw0yMzA1MDIxMjQzMTBaMCQCE3UACSQU
9jcP9JJ5w1QAAgAJJBQXDTIzMDQxODA4NDkwN1owJAITdQATVmp1bLU8d2yhOwAC

What's wrong here?

-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to