|
Title: Openvpn "CRL has expired" problem with crl.pem Post by: Lotoss on Thursday 26 October 2023, 07:13:07 pm Hello all!
I have efw 3.2.5 with openvpn fully worked without problems before i revoked some certificates(users) for security reasons. And now nobody can connect to vpn. Error is "error=CRL has expired". After i googled it and found some solutions and one of them is to generate new crl.pem file via openssl. But in endian i cant do it and need help. I found: /var/efw/vpn - with ca certificates directory /var/efw/openvpn - with settings for openvpn (why not in vpn directory ????) /etc/openvpn - with openssl.cnf but not for endian settings.... Please help with generating clr.pem or finding best solution for this error.... Title: Re: Openvpn "CRL has expired" problem with crl.pem Post by: reetp on Thursday 26 October 2023, 11:53:21 pm You should not need to do this manually.. You'll get in a bit of a mess. Endian isn't really deigned for doing things manually.
From the GUI VPN/Cetificates/Certificate Revocation List The CRL will update each time you Revoke a certificate and is available for download. Or you can obtain the CRL cert directly here (after revoking the certs) /var/efw/vpn/ca/crl.pem Title: Re: Openvpn "CRL has expired" problem with crl.pem Post by: Lotoss on Friday 27 October 2023, 03:35:19 am You should not need to do this manually.. You'll get in a bit of a mess. Endian isn't really deigned for doing things manually. From the GUI VPN/Cetificates/Certificate Revocation List The CRL will update each time you Revoke a certificate and is available for download. Or you can obtain the CRL cert directly here (after revoking the certs) /var/efw/vpn/ca/crl.pem Thanks, i revoked another one certificate and vpn working now. What a... |