Hi Gert,
>> I tried
>> $OPENSSL ca -gencrl -days $SA_EXPIRE -out "$CRL" -config "$KEY_CONFIG"
>> but that still generated a crl file for one month.
>
> Make that "-crldays $SA_EXPIRE"
Thanks, after fixing my own type ($CA_EXPIRE, not $SA_...) it works like
expected.
Now I have a crl file
Hi,
because you state that you have only three clients to maintain I would
recommend you you update your EasyRSA to version 3:
https://github.com/OpenVPN/easy-rsa/releases
A lot of work has gone into this, including new recommended security
settings and other functionality.
There is no
[I just realized I failed to post this to the list and only to Bonno. Sorry
Bonno, you'll get it twice now! :) ]
Probably not the answer you're looking for - but I gave up on EasyRSA a while
ago. [It's unevenly updated, had serious problems, was concerned about the
default key security (in an
Hi,
> > Got bitten (twice) with the problem that the new OpenVPN version DEMANDS an
> > up2date CRL file. However, I am still using easyrsa v2.2 and it has no
> > gen-crl command.
>>[...]
>> What do I need to change in this line?
>> $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
>>
Hi Bonno
Am 11.03.2019 um 10:55 schrieb Bonno Bloksma:
> Hi,
>
> Got bitten (twice) with the problem that the new OpenVPN version DEMANDS an
> up2date CRL file. However, I am still using easyrsa v2.2 and it has no
> gen-crl command.
>
> I created a copy of revoke-full and deleted the revoke
Hi,
Got bitten (twice) with the problem that the new OpenVPN version DEMANDS an
up2date CRL file. However, I am still using easyrsa v2.2 and it has no gen-crl
command.
I created a copy of revoke-full and deleted the revoke stuff so it just creates
a new crl file.
So far, that works. But.