
About Crl has expired

Posted: Sat Nov 26, 2022 8:32 pm
by secooonder
My OpenVPN server version is 2.5.5.
When a client attempts to connect to the OpenVPN server, the client gets an error.

VERIFY ERROR: depth=0, error=CRL has expired: CN=abcde, serial=123456789

But my other OpenVPN server is version 2.4.7. I haven't had a problem like this for 2 years on this server.

Both the server.conf and vars files are the same on the two OpenVPN servers. I cannot find what the problem is.

In short, how do you generate a CRL that has a longer expiration, like several years?

Re: About Crl has expired

Posted: Mon Dec 05, 2022 9:49 pm
by ncrawler

CRL expired, need a new one!

In the "vars" file, change the parameter "set_var EASYRSA_CRL_DAYS 180" to "set_var EASYRSA_CRL_DAYS 365" for 1 year or whatever you want.

As for me, I run "easyrsa gen-crl", chown the CRL file to "openvpn:openvpn" and just copy the file from "easyrsa/pki/crl.pem" to "/etc/openvpn".
No need to restart the service; this file is used every time a client connects.
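
A monitoring check for the situation in this thread, as an added example that is not part of any post: it reads the CRL's nextUpdate field with `openssl crl` and reports how many days remain, so the CRL can be regenerated before clients start failing with "CRL has expired". The default path `/etc/openvpn/crl.pem` follows the copy destination mentioned above; the 14-day warning threshold, the function names and the use of GNU `date -d` are assumptions.

```shell
#!/bin/sh
# Added example: report how long an OpenVPN CRL stays valid.
# Assumes GNU date (for -d) and the openssl CLI; function names are illustrative.

# Turn the line printed by `openssl crl -noout -nextupdate`
# (e.g. "nextUpdate=May 25 20:32:00 2023 GMT") into whole days remaining
# relative to now_epoch. Negative output means the CRL has already expired.
crl_days_left() {
    local line="$1" now_epoch="$2" stamp next_epoch diff
    case "$line" in
        nextUpdate=*) stamp="${line#nextUpdate=}" ;;
        *) return 2 ;;                      # not an openssl nextUpdate line
    esac
    next_epoch=$(date -u -d "$stamp" +%s 2>/dev/null) || return 2
    diff=$(( next_epoch - now_epoch ))
    if [ "$diff" -lt 0 ]; then
        # Round away from zero so "expired one hour ago" reports -1, not 0.
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $(( diff / 86400 ))
    fi
}

# Map days remaining to a status word; the second argument is the renewal threshold.
crl_status() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$2" ]; then echo RENEW_SOON
    else echo OK
    fi
}

# Check a CRL file. Exit status: 0 = OK, 1 = renew soon or expired, 2 = unreadable.
check_crl() {
    local path="${1:-/etc/openvpn/crl.pem}" warn_days="${2:-14}" line days status
    line=$(openssl crl -in "$path" -noout -nextupdate) || return 2
    days=$(crl_days_left "$line" "$(date -u +%s)") || return 2
    status=$(crl_status "$days" "$warn_days")
    echo "$path: $status ($days days until nextUpdate)"
    [ "$status" = "OK" ]
}

# Run only when a CRL path is given, e.g.: ./check-crl.sh /etc/openvpn/crl.pem 14
if [ "$#" -gt 0 ]; then
    check_crl "$@"
fi
```

Run from cron or a monitoring agent, a non-zero exit status is the signal to regenerate the CRL and copy it into place.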