diff --git a/CHANGELOG.md b/CHANGELOG.md
index a7bcbb1..4217474 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,8 +10,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+* Defaults default_crl_days to 2 years instead of 1
+
 ### Fixed
 
+* Fix ${CRL} and ${CA_DIR} rights so that CRL file can be read by openvpn
+
 ### Removed
 
 ### Security
diff --git a/openssl.cnf b/openssl.cnf
index 5e1e3c8..dbda2b0 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -14,7 +14,7 @@ crl             = $dir/crl.pem
 private_key     = $dir/cakey.key
 RANDFILE        = $dir/.rand
 default_days    = 365
-default_crl_days= 365
+default_crl_days= 730
 default_md      = sha256
 preserve        = no
 policy          = policy_match