On Sun, Aug 27, 2023 at 1:33 PM, Jochen Bern <jochen.b...@binect.de> wrote: On 27.08.23 07:49, Jason Long wrote: > 1- When a key is generated, how many days is the default time for it to > expire?
>Whatever your configuration files say. And >frankly, just generating one >and *looking* at it might tell you *even faster* >than reading the configs. >(IIRC EasyRSA comes with its own bunch of >openssl.cnf to cover several >major versions of OpenSSL the machine may >have preinstalled, but a lot >of the parameter are filled from env vars that >the easyrsa "executable" >or a "vars" file would preset.) > 2- Are the following commands correct to >expire the client key after 110 > days?? > > # export EASYRSA_CERT_EXPIRE=110 > # ./easyrsa gen-req My_Client nopass > # ./easyrsa sign-req client My_Client >According to the docs >https://github.com/OpenVPN/easyrsa/blob/master/doc/EasyRSA-Advanced.md#environmental-variables-reference >and assuming that you're using a POSIX >Bourne-style shell >https://unix.stackexchange.com/questions/368944/what-is-the-difference-between-env-setenv-export-and-when-to-use >that seems correct, but as I said, I don't use >EasyRSA myself. >Kind regards, >-- >Jochen Bern >Systemingenieur >Binect GmbH Hello,Thanks again.Can you show me the OpenSSL commands that you use to generate the server and client certificates? _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
