Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
VPNs expire with CRL every 30 days #1883
I noticed that every 30 days the VPN clients would not be able to connect. The OpenVPN logs state "error=CRL has expired".
This lead me to look at the CRL:
Two fields is particular stuck out:
And sure enough those dates and times aligned with when things worked and stopped working. So I wanted to change that update to be >30 days (3650 should do me).
I edited /var/lib/zentyal/conf/openssl.cnf and changed the CRL default time:
I now have a fairly length time before I am forced to re-evaluate my CRLs.