-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
------- Original Message ------- On Thursday, February 23rd, 2023 at 15:10, Bo Berglund <bo.bergl...@gmail.com> wrote: > When I first try (and fail) to connect then go in via the other server to read > the log I find this: > > 217.31.190.108:63723 TLS: Initial packet from [AF_INET]217.31.190.108:63723, > sid=863c9ad5 e9b05ce9 > 217.31.190.108:63723 VERIFY ERROR: depth=0, error=CRL has expired: C=US, > ST=TX, > L=Austin, O=Companyname, OU=IT, CN=BosseB_AGI, name=BosseB_AGI, > emailAddress=*** Your CRL (certificate revocation list) has expired. If you use Easy-rsa (https://github.com/OpenVPN/easy-rsa) then you can build a new CRL with: easyrsa gen-crl This builds a new CRL which is valid for 180 days. You can configure the validity period with option --days: easyrsa --days=365 gen-crl You can also get advanced warning of expiring certificates with: easyrsa show-expire The default is 90 days but that can also be configured via option --days Hope that helps. -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAnBQJj94f9CRBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr kLidAAAzjQgAro4N1JeNauTcaMa9zHLsXMwTc2m8iabSWu9KWXGFjnIRumN+ Z5CLIoEUmbWh6fXVJdngkzdrJRkOS3DuMgtoVhM09umKcTOOrZvEDQFdKXd3 aRGZzhbpR5qwj4rh09xz1W+rxx3BphfMYdJ/Rd+njdoh9VKUR4l/mhiYNfFL I1CElCs8J5KAJaYGSHjPLXRkvNH6qdzKo7IoX8CCCdltOL5wfnPrutLqERhj sirBg8EovwEu8bT90MmPO1Xps9wPx8QxNJnB8xZL56R9Np0w15Oa9LeLUJO8 OTBC9RrA5FleGeDDl1oLdlGXIFioIzwX0dyLj/PFyRaUXQwvVW7rPg== =xBBZ -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
