Openvpn CRL Error


I can’t connect to my turris omnia through openvpn anymore. My log has this error: VERIFY ERROR: depth=0, error=CRL has expired: CN=XXXXX. In Foris->Openvpn the client is valid. Can anyone help? Thank you.

Could this be the reason? I also found that /etc/ssl/openssl.cnf contains the following line:

default_crl_days= 30 # how long before next CRL

Could this be the cause? If I change the value to 365 and issue a new client certificate, will it last for a year? Thank you.

1 Like

Hi @RomanHK,

Thank you very much for your help! I just used the turris-cagen refresh, there was no need for the switch command. I also changed the default_crl_days in /etc/cagen/openssl.cnf to 3650. Let’s hope it lasts more than a month now. Again, thank you very much for your help!