Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 09:33:50 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Openvpn "CRL has expired" problem with crl.pem
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Openvpn "CRL has expired" problem with crl.pem  (Read 76411 times)
Lotoss
Jr. Member
*
Offline Offline

Posts: 2



« on: Thursday 26 October 2023, 07:13:07 pm »

Hello all!
I have efw 3.2.5 with openvpn fully worked without problems before i revoked some certificates(users) for security reasons. And now nobody can connect to vpn.
Error is "error=CRL has expired". After i googled it and found some solutions and one of them is to generate new crl.pem file via openssl. But in endian i cant do it and need help.
I found:
/var/efw/vpn - with ca certificates directory
/var/efw/openvpn - with settings for openvpn (why not in vpn directory Huh?)
/etc/openvpn - with openssl.cnf but not for endian settings....

Please help with generating clr.pem or finding best solution for this error....
Logged
reetp
Jr. Member
*
Offline Offline

Posts: 2



« Reply #1 on: Thursday 26 October 2023, 11:53:21 pm »

You should not need to do this manually.. You'll get in a bit of a mess. Endian isn't really deigned for doing things manually.

From the GUI

VPN/Cetificates/Certificate Revocation List

The CRL will update each time you Revoke a certificate and is available for download.

Or you can obtain the CRL cert directly here (after revoking the certs)

/var/efw/vpn/ca/crl.pem
Logged
Lotoss
Jr. Member
*
Offline Offline

Posts: 2



« Reply #2 on: Friday 27 October 2023, 03:35:19 am »

You should not need to do this manually.. You'll get in a bit of a mess. Endian isn't really deigned for doing things manually.

From the GUI

VPN/Cetificates/Certificate Revocation List

The CRL will update each time you Revoke a certificate and is available for download.

Or you can obtain the CRL cert directly here (after revoking the certs)

/var/efw/vpn/ca/crl.pem


Thanks, i revoked another one certificate and vpn working now. What a...
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com