From a9a10c4ac4691f2ff70647307f85f06aa0faa926 Mon Sep 17 00:00:00 2001 From: jdubois Date: Wed, 10 Aug 2022 17:50:39 +0200 Subject: [PATCH] =?UTF-8?q?Re=20g=C3=A9n=C3=A9rer=20CRL=20manuellement?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- HowtoOpenVPN.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/HowtoOpenVPN.md b/HowtoOpenVPN.md index 943cbdd0..975a1f42 100644 --- a/HowtoOpenVPN.md +++ b/HowtoOpenVPN.md @@ -440,6 +440,12 @@ Si l'on utilise une version ancienne de [shellpki](https://gitea.evolix.org/evol # cp crl.pem /var/empty ~~~ +Sur les versions récentes, la CRL est re-générée à chaque révocation d'un certificat, ou peut être re-générée ainsi : + +~~~ +# openssl ca -gencrl -keyfile /etc/shellpki/cakey.key -cert /etc/shellpki/cacert.pem -out /etc/shellpki/crl.pem -config /etc/shellpki/openssl.cnf +~~~ + ### Erreur « CRL has expired » (serveur OpenVPN – OpenBSD) ~~~
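Review bot: The added `openssl ca -gencrl` command writes the new CRL to `/etc/shellpki/crl.pem`, but the paragraph does not say whether that file must then be copied to the path OpenVPN reads. The older-version procedure in the context lines just above ends with `cp crl.pem /var/empty`. Without that information a reader can regenerate the CRL and still hit the « CRL has expired » error covered in the next section. Suggest adding the copy step after the command, or stating explicitly that it is not needed on recent versions. It would also help to give a verification step, for example `openssl crl -in /etc/shellpki/crl.pem -noout -nextupdate`, so the reader can confirm the regenerated CRL carries a new expiry date.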