About Crl has expired

secooonder
OpenVpn Newbie
Posts: 15
Joined: Sat Aug 10, 2019 8:40 am

About Crl has expired

Post by secooonder » Sat Nov 26, 2022 8:32 pm

Hi,
My OpenVPN server version is 2.5.5.
When a client attempts to connect to the OpenVPN server, the client gets an error.
Server.log:

VERIFY ERROR: depth=0, error=CRL has expired: CN=abcde, serial=123456789

But my other OpenVPN server version is 2.4.7. I haven't had a problem like this for 2 years on this server.

The server.conf and vars files are the same on both OpenVPN servers. I cannot find what the problem is.

In short, how do you generate a CRL that has a longer expiration, like several years?

ncrawler
OpenVpn Newbie
Posts: 2
Joined: Mon Apr 06, 2020 3:04 pm

Re: About Crl has expired

Post by ncrawler » Mon Dec 05, 2022 9:49 pm

Hi,

CRL expired, need a new one!

In the "vars" file, change the parameter "set_var EASYRSA_CRL_DAYS 180" to "set_var EASYRSA_CRL_DAYS 365" for 1 year or whatever you want.

As for me, I do "easyrsa gen-crl", chown the CRL file to "openvpn:openvpn" and just copy the file from "easyrsa/pki/crl.pem" to "/etc/openvpn".
No need to restart the service, this file is used every time a client connects.

NC
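
The renewal in the reply above only prevents the "CRL has expired" error if it happens before the CRL's nextUpdate time. The following is an added example, not from either poster: a check that reads nextUpdate with `openssl crl` and reports when renewal is due. It assumes GNU `date`; the function names and the 14-day default threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: warn before the CRL that OpenVPN reads reaches nextUpdate.
# Assumptions: GNU date (for -d parsing); function names are illustrative.

# seconds_left "<line from openssl crl -nextupdate>" <now_epoch>
# Prints seconds until nextUpdate (zero or negative once expired).
seconds_left() {
    sl_stamp="${1#nextUpdate=}"      # e.g. "Jan  1 00:00:00 2024 GMT"
    sl_expiry=$(date -u -d "$sl_stamp" +%s) || return 2
    echo $(( sl_expiry - $2 ))
}

# crl_status <seconds_left> <warn_days>  ->  EXPIRED | RENEW | OK
crl_status() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED                 # clients now fail with "CRL has expired"
    elif [ "$1" -le $(( $2 * 86400 )) ]; then
        echo RENEW                   # inside the warning window
    else
        echo OK
    fi
}

# check_crl <crl.pem> [warn_days]
# Prints a one-line report; exit status is 0 only when the status is OK,
# so it can drive a cron alert.
check_crl() {
    cc_line=$(openssl crl -in "$1" -noout -nextupdate) || return 2
    cc_left=$(seconds_left "$cc_line" "$(date -u +%s)") || return 2
    cc_state=$(crl_status "$cc_left" "${2:-14}")
    echo "$1: $cc_state (${cc_line#nextUpdate=})"
    # On RENEW or EXPIRED: run "easyrsa gen-crl" and copy pki/crl.pem
    # into place, as described in the reply above.
    [ "$cc_state" = OK ]
}

# Example: sh check_crl.sh /etc/openvpn/crl.pem 14
if [ "$#" -gt 0 ]; then
    check_crl "$@"
fi
```

Run it from cron against the copy OpenVPN actually reads (the file in "/etc/openvpn"), not only the one in the easyrsa pki directory, since the two can drift apart if the copy step is skipped.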
