Hi,
I am using OpenVPN 2.1_rc7 on Ubuntu as a server, and connecting with a Windows client.
My goal is to make sure that when I revoke a certificate it is not accepted anymore by the server.
For this I followed the instructions under http://openvpn.net/index.php/open-sourc ... tml#revoke
The problem is that as soon as I add the line: crl-verify <path>/revoke-<cert_name>.pem to my server config file, even the non-revoked certificates cannot connect to the server.
In fact, when going back to the server and checking for the openvpn process, I can see it went down.
As soon as I comment out the crl-verify line everything works fine again...
Any idea why this doesn't work?
crl-verify causes server to crash when client connects
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Aug 31, 2010 7:12 am
Re: crl-verify causes server to crash when client connects
Hi again. I finally solved my problem.
Just to help people that could have the same issue, here is what happened:
I realized that when running the openvpn service from the command line, it was not crashing when a client connected, but when running it as a daemon it was crashing.
The problem was simple: after being launched, openvpn uses the nobody user, so it was not able to find the crl.pem file with its relative path (the same one used for the server certificate, for example).
The solution was simply to indicate the full path to the revocation file.
Hope this will help some people, as it could be tricky to find out.
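
Added example (not part of the original posts and not OpenVPN project code): a small Python check that reads a server config and flags the condition described above, a crl-verify path that is relative or that the unprivileged runtime user may not be able to read. The sample config, the function names and the world-readable heuristic are assumptions made for illustration.

```python
import os
import shlex
import stat

# Constructed sample config (not the poster's actual file).
SAMPLE_CONF = """\
port 1194
user nobody
group nogroup
daemon
crl-verify keys/crl.pem   # relative path, as in the failing setup
"""

# Directives that change the working directory or identity of the server.
CONTEXT = ("daemon", "cd", "chroot", "user", "group")

def parse_directives(conf_text):
    """Map each directive name to its argument list (last occurrence wins)."""
    found = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # OpenVPN also accepts ';' comment lines
        tokens = shlex.split(line, comments=True)
        if tokens:
            found[tokens[0].lstrip("-")] = tokens[1:]
    return found

def audit_crl_verify(conf_text):
    """Return a list of findings about the crl-verify path; empty means OK."""
    d = parse_directives(conf_text)
    if not d.get("crl-verify"):
        return ["no crl-verify directive: the CRL is not checked"]
    path = d["crl-verify"][0]
    if not os.path.isabs(path):
        ctx = ", ".join(k for k in CONTEXT if k in d) or "none"
        return [f"relative crl-verify path {path!r} (context directives: {ctx})"]
    findings = []
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    # Heuristic: after 'user' drops privileges the file must still be readable.
    if "user" in d and not mode & stat.S_IROTH:
        findings.append(f"{path} is not world-readable; user {d['user'][0]} may not be able to read it")
    return findings

if __name__ == "__main__":
    for finding in audit_crl_verify(SAMPLE_CONF):
        print("WARN:", finding)
```

Run it against the real server config text before restarting the daemon; an empty result means the crl-verify path is absolute, exists, and passes the readability heuristic.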