From 9c475f769e46ac01ad09a3878a70f5341a04086f Mon Sep 17 00:00:00 2001
From: Jelle Dekker
Date: Wed, 11 Oct 2017 22:23:01 -0500
Subject: [PATCH] Extended the expiration date of the certificate revocation list to 10 years.
---
 auto_install/install.sh | 2 +-
 scripts/removeOVPN.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 7d32278..c28ded4 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -886,7 +886,7 @@ EOF
 ${SUDOE} openvpn --genkey --secret pki/ta.key
 # Generate an empty Certificate Revocation List
- ${SUDOE} ./easyrsa gen-crl
+ ${SUDOE} EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
 ${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem
diff --git a/scripts/removeOVPN.sh b/scripts/removeOVPN.sh
index 6bf0610..25bc5a3 100644
--- a/scripts/removeOVPN.sh
+++ b/scripts/removeOVPN.sh
@@ -107,7 +107,7 @@ cd /etc/openvpn/easy-rsa || exit
 for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
 printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}"
 ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}"
- ./easyrsa gen-crl
+ EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 printf "\n::: Certificate revoked, and CRL file updated.\n"
 printf "::: Removing certs and client configuration for this profile.\n"
 rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"
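Review bot: In auto_install/install.sh, the added line `${SUDOE} EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl` only sets the variable when `${SUDOE}` expands to a sudo invocation, because the shell recognises assignment words only at the start of a command, before expansion. If `${SUDOE}` can be empty (its definition is outside this hunk; presumably it is unset when the installer already runs as root), the shell will try to execute `EASYRSA_CRL_DAYS=3650` as a command, and the following `cp pki/crl.pem /etc/openvpn/crl.pem` would have no CRL to copy. `${SUDOE} env EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl` behaves the same in both cases. The enclosing function starts and ends outside the hunk.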
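Review bot: In scripts/removeOVPN.sh, the exit status of `EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl` is not checked, so the "Certificate revoked, and CRL file updated." message is printed and the profile's files are removed even when CRL generation fails. With a ten-year validity the previous CRL stays acceptable for that long, so a revocation that never reached the CRL the server reads would likely go unnoticed rather than surfacing as an expired-CRL failure (inferred; where the CRL is copied into /etc/openvpn is outside this hunk). Consider `EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl || exit 1`, plus a comment such as `# 3650 days so the CRL does not expire between revocations; keep in sync with auto_install/install.sh` to explain the duplicated constant. The `for` loop closes outside the hunk.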