CRL file must not be empty #3

New issue

Closed

opened 2019-05-23 15:36:34 +02:00 by Ghost · 2 comments

Ghost commented 2019-05-23 15:36:34 +02:00

Copy link

CRL file can not be initialized by touch and must contain a valid CRL content.

CRL file can not be initialized by touch and must contain a valid CRL content.

jdubois commented 2021-05-25 11:30:20 +02:00

Member

Copy link

The CRL file must be created when the PKI is initialized, with :
openssl ca -gencrl -keyfile /etc/shellpki/cakey.key -cert /etc/shellpki/cacert.pem -out /etc/shellpki/crl.pem -config /etc/shellpki/openssl.cnf

If we are using "crl-verify" and the CRL file is empty, then OpenVPN will start but no client connection will work.

The CRL file must be created when the PKI is initialized, with : `openssl ca -gencrl -keyfile /etc/shellpki/cakey.key -cert /etc/shellpki/cacert.pem -out /etc/shellpki/crl.pem -config /etc/shellpki/openssl.cnf` If we are using "crl-verify" and the CRL file is empty, then OpenVPN will start but no client connection will work.

jdubois commented 2022-04-14 17:24:58 +02:00

Member

Copy link

This issue was resolved with commits 97f1affa1b and 6165ccec6c

This issue was resolved with commits 97f1affa1b4934b5f777ea0d17f5bf15baaa88d0 and 6165ccec6ce4cacd263bc7b18e7e1c9d2e585ebe

jdubois closed this issue 2022-04-14 17:24:58 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dev

openssl-pkey

master-legacy

debian-sid

22.12.2

22.12.1

22.12

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: evolix/shellpki#3

No description provided.