On 27.08.23 07:49, Jason Long wrote:
1- When a key is generated, how many days is the default time for it to expire?
Whatever your configuration files say. And frankly, just generating one and *looking* at it might tell you *even faster* than reading the configs.
(IIRC EasyRSA comes with its own bunch of openssl.cnf to cover several major versions of OpenSSL the machine may have preinstalled, but a lot of the parameter are filled from env vars that the easyrsa "executable" or a "vars" file would preset.)
2- Are the following commands correct to expire the client key after 110 days?? # export EASYRSA_CERT_EXPIRE=110 # ./easyrsa gen-req My_Client nopass # ./easyrsa sign-req client My_Client
According to the docs https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Advanced.md#environmental-variables-reference and assuming that you're using a POSIX Bourne-style shell https://unix.stackexchange.com/questions/368944/what-is-the-difference-between-env-setenv-export-and-when-to-use that seems correct, but as I said, I don't use EasyRSA myself. Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
