From 603d6747b9bc7663bfbc5b0d6d785084c83f5d74 Mon Sep 17 00:00:00 2001 From: Jelle Dekker Date: Fri, 29 Sep 2017 16:13:02 -0500 Subject: [PATCH] Extended the expiration date of the certificate revocation list to 10 years. --- openvpn-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 3b49d31..b0603db 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -137,7 +137,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) cd /etc/openvpn/easy-rsa/ ./easyrsa --batch revoke $CLIENT - ./easyrsa gen-crl + EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl rm -rf pki/reqs/$CLIENT.req rm -rf pki/private/$CLIENT.key rm -rf pki/issued/$CLIENT.crt @@ -418,7 +418,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service openssl dhparam -out dh.pem $DH_KEY_SIZE ./easyrsa build-server-full server nopass ./easyrsa build-client-full $CLIENT nopass - ./easyrsa gen-crl + EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl # generate tls-auth key openvpn --genkey --secret /etc/openvpn/tls-auth.key # Move all the generated files