diff --git a/auto_install/install.sh b/auto_install/install.sh index 7d32278..c28ded4 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -886,7 +886,7 @@ EOF ${SUDOE} openvpn --genkey --secret pki/ta.key # Generate an empty Certificate Revocation List - ${SUDOE} ./easyrsa gen-crl + ${SUDOE} EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem ${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem diff --git a/scripts/removeOVPN.sh b/scripts/removeOVPN.sh index 6bf0610..25bc5a3 100644 --- a/scripts/removeOVPN.sh +++ b/scripts/removeOVPN.sh @@ -107,7 +107,7 @@ cd /etc/openvpn/easy-rsa || exit for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}" ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}" - ./easyrsa gen-crl + EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl printf "\n::: Certificate revoked, and CRL file updated.\n" printf "::: Removing certs and client configuration for this profile.\n" rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"