1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-12-23 07:18:54 +00:00

Merge pull request #109 from jellemdekker/fix/expired-crl

Extended the expiration date of the certificate revocation list to 10 years
This commit is contained in:
Angristan 2017-10-03 10:10:56 +02:00 committed by GitHub
commit b61973516b

View File

@ -137,7 +137,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa --batch revoke $CLIENT ./easyrsa --batch revoke $CLIENT
./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
rm -rf pki/reqs/$CLIENT.req rm -rf pki/reqs/$CLIENT.req
rm -rf pki/private/$CLIENT.key rm -rf pki/private/$CLIENT.key
rm -rf pki/issued/$CLIENT.crt rm -rf pki/issued/$CLIENT.crt
@ -418,7 +418,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
openssl dhparam -out dh.pem $DH_KEY_SIZE openssl dhparam -out dh.pem $DH_KEY_SIZE
./easyrsa build-server-full server nopass ./easyrsa build-server-full server nopass
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# generate tls-auth key # generate tls-auth key
openvpn --genkey --secret /etc/openvpn/tls-auth.key openvpn --genkey --secret /etc/openvpn/tls-auth.key
# Move all the generated files # Move all the generated files