VPNs expire with CRL every 30 days #1883

Open
tomasz89 opened this issue Jul 7, 2019 · 1 comment

tomasz89 commented Jul 7, 2019

I noticed that every 30 days the VPN clients would not be able to connect. The OpenVPN logs state "error=CRL has expired".

This led me to look at the CRL:
openssl crl -text -noout -in /var/lib/zentyal/CA/crl/latest.pem

Two fields in particular stuck out:
Last Update: xxx
Next Update: xxx + 1 month

And sure enough those dates and times aligned with when things worked and stopped working. So I wanted to change that update to be >30 days (3650 should do me).

I edited /var/lib/zentyal/conf/openssl.cnf and changed the CRL default time:
default_crl_days= 3650 # how long before next CRL

I now have a fairly lengthy time before I am forced to re-evaluate my CRLs.

tomasz89 commented Jul 7, 2019

#1882 Bundled the fix in here.
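
Whatever value `default_crl_days` is set to, clients start failing the moment the CRL's Next Update time passes, so that field is worth monitoring. The script below is an added example, not code from this issue or from Zentyal: it parses the date printed by `openssl crl -noout -nextupdate` in plain POSIX sh and reports the days remaining. The function names, the 7-day default threshold and the dates used in testing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not Zentyal code): report how long a CRL remains valid.

# Convert openssl's date text, e.g. "Aug  6 12:00:00 2019 GMT", to epoch seconds.
crl_date_to_epoch() {
    set -- $1                 # unquoted on purpose: Mon DD HH:MM:SS YYYY GMT
    [ $# -ge 4 ] || return 1
    d=${2#0} t=$3 y=$4
    case $1 in
        Jan) m=1;; Feb) m=2;; Mar) m=3;; Apr) m=4;; May) m=5;; Jun) m=6;;
        Jul) m=7;; Aug) m=8;; Sep) m=9;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
        *) return 1;;
    esac
    # Days since 1970-01-01 (Gregorian calendar), counting the year from March.
    if [ "$m" -le 2 ]; then y=$((y - 1)); mp=$((m + 9)); else mp=$((m - 3)); fi
    yoe=$((y % 400))
    doe=$((yoe * 365 + yoe / 4 - yoe / 100 + (153 * mp + 2) / 5 + d - 1))
    days=$((y / 400 * 146097 + doe - 719468))
    # Split HH:MM:SS; strip one leading zero so "08" is not read as octal.
    old_ifs=$IFS; IFS=:; set -- $t; IFS=$old_ifs
    echo $((days * 86400 + ${1#0} * 3600 + ${2#0} * 60 + ${3#0}))
}

# Print "OK <days>", "WARN <days>" or "EXPIRED <days>" (whole days, truncated).
# $1 = nextUpdate text, $2 = current time in epoch seconds, $3 = warning threshold in days
crl_status() {
    next=$(crl_date_to_epoch "$1") || { echo "UNKNOWN"; return 1; }
    secs=$((next - $2))
    if [ "$secs" -le 0 ]; then state=EXPIRED
    elif [ "$secs" -le $(($3 * 86400)) ]; then state=WARN
    else state=OK
    fi
    echo "$state $((secs / 86400))"
}

# With a path argument, check a real CRL (second argument: threshold in days, default 7),
# e.g. sh crl_check.sh /var/lib/zentyal/CA/crl/latest.pem 7
if [ $# -ge 1 ]; then
    line=$(openssl crl -in "$1" -noout -nextupdate) || exit 2
    crl_status "${line#nextUpdate=}" "$(date +%s)" "${2:-7}"
fi
```

Run from cron, a `WARN` result gives time to re-issue the CRL before OpenVPN starts logging "CRL has expired".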
