Extended the expiration date of the certificate revocation list to 10 years.

Jelle Dekker 2017-10-11 22:23:01 -05:00
parent e3f77afc95
commit 9c475f769e
2 changed files with 2 additions and 2 deletions


@ -886,7 +886,7 @@ EOF
${SUDOE} openvpn --genkey --secret pki/ta.key ${SUDOE} openvpn --genkey --secret pki/ta.key
# Generate an empty Certificate Revocation List # Generate an empty Certificate Revocation List
${SUDOE} ./easyrsa gen-crl ${SUDOE} EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem ${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem
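Review bot: On the new `gen-crl` line the assignment comes after `${SUDOE}`, so the shell does not parse it as an assignment prefix. If `SUDOE` expands to nothing, bash would try to run `EASYRSA_CRL_DAYS=3650` as a command and no CRL would be generated; its definition is outside this hunk, so confirm whether it can be empty when the installer already runs as root. Routing the variable through `env` works in both cases: `${SUDOE} env EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl`. When `SUDOE` is a sudo invocation, the current form also depends on the sudoers policy accepting variables given on the command line, which the `env` form avoids. The installer step this belongs to starts and ends outside the hunk.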


@ -107,7 +107,7 @@ cd /etc/openvpn/easy-rsa || exit
for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}" printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}"
./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}" ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}"
./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
printf "\n::: Certificate revoked, and CRL file updated.\n" printf "\n::: Certificate revoked, and CRL file updated.\n"
printf "::: Removing certs and client configuration for this profile.\n" printf "::: Removing certs and client configuration for this profile.\n"
rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req" rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"
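Review bot: The exit status of `./easyrsa gen-crl` (and of the `revoke` call just above it) is not checked, so "Certificate revoked, and CRL file updated" is printed even when no new CRL was written. With a ten-year validity, a consumer that checks the CRL's next-update date will no longer reject an out-of-date list, so a failed regeneration would leave the revoked certificate accepted with nothing to flag it. Stopping on failure closes that gap, for example `EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl || exit 1`, with the same guard on the `revoke` line. The value 3650 is also hard-coded in both files; a single shared variable would keep the two in step. The loop body continues past the end of the hunk, so whether the new CRL is copied to where the server reads it is not visible here.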