If it cannot read the crl file, then that's a problem :) Check if all directories are world readable (not just the crl, but all 'upstream' directories, like /etc, /etc/openvpn ... !)

-----Original Message-----
From: richard lucassen [mailto:mailingli...@lucassen.org]
Sent: Thursday, April 16, 2020 12:51 PM
To: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] crl-verify

On Thu, 16 Apr 2020 12:30:48 +0200
Dajka Tamás <vi...@vipernet.hu> wrote:

> why not simply using a CRL file and revoke the unneeded certificate?

Because it's a nice and simple option ;-)

> To debug the issue, I think we'll need some logs with 'verb 4' - at
> least from the server side.

Even with "verb 9" there is NO log line containing the word "crl". That's quite weird isn't it? I can see all options of the conf file pass by when restarting this instance (I cannot restart the complete server as it's a production server)

Bug?

Oh, and BTW, I tried the crl file, just to try, but got: "CRL: cannot read CRL from file". The dir is 755 and the file crl.pem is 644. I run openvpn as nobody/nogroup.

R.

--
richard lucassen
http://contact.xaq.nl/

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
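
The check suggested in the reply at the top of this message, written out as an added example that is not part of the original thread: it walks every directory above the CRL file and reports the first component that an unprivileged user such as nobody/nogroup cannot get past. The function names, the optional BASE argument and the sample path are assumptions made for this sketch, and it looks only at the "other" permission bits.

```shell
#!/bin/sh
# Added example (not from the thread). first_blocker, other_bits and the
# optional BASE argument are hypothetical names chosen for this sketch.
# Assumption: the daemon user (nobody/nogroup) is neither owner nor group
# member, so only the "other" permission bits apply; ACLs are ignored.

# Print the "other" triplet (e.g. "r-x") from the ls -ld mode string.
other_bits() {
    ls -ld -- "$1" 2>/dev/null | cut -c8-10
}

# Usage: first_blocker FILE [BASE]
# Walks every component from BASE (default /) down to FILE. Prints the first
# component that blocks access and returns 1; returns 0 if none does.
# Directories need search (x); the file itself needs read (r).
# A missing component is reported as a blocker too.
first_blocker() {
    file=$1
    base=${2:-/}
    case $file in
        "$base"*) ;;
        *) echo "$file is not below $base" >&2; return 2 ;;
    esac
    cur=${base%/}              # "/" becomes "" so "$cur/$part" stays absolute
    rest=${file#"$base"}
    case $(other_bits "${cur:-/}") in
        ??x|??t) ;;
        *) echo "${cur:-/}"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=/; set -f
    set -- $rest               # split the remaining path on "/"
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        if [ -d "$cur" ]; then want='??[xt]'; else want='r??'; fi
        case $(other_bits "$cur") in
            $want) ;;
            *) echo "$cur"; return 1 ;;
        esac
    done
    return 0
}

# Example call with a constructed path:
#   first_blocker /etc/openvpn/crl.pem || echo "fix permissions above"
```

A file mode of 644 inside a 755 directory still fails this check if any directory higher up lacks the search bit for "other", which is the case the reply asks to rule out.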