We have an OpenVPN in our aws setup which was set up by a client and now they are not able to connect to open vpn say “crl has expired” .
We are trying to regenerate the crl but to do that we need to go to the easy-rsa folder and there I need to run following command:
- cd path/to/easy-rsa/directory
- here need to run the following command
- but here the problem is the easy-rsa script file inside the easy-rsa directory is missing and without that we will not be able to generate the
Tue Aug 27 10:25:17 2019 126.96.36.199:18363 VERIFY ERROR: depth=0, error=CRL has expired: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=pkoparde, name=EasyRSA, [email protected] Tue Aug 27 10:25:17 2019 188.8.131.52:18363 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed Tue Aug 27 10:25:17 2019 184.108.40.206:18363 TLS_ERROR: BIO read tls_read_plaintext error Tue Aug 27 10:25:17 2019 220.127.116.11:18363 TLS Error: TLS object -> incoming plaintext read error Tue Aug 27 10:25:17 2019 18.104.22.168:18363 TLS Error: TLS handshake failed Tue Aug 27 10:25:17 2019 22.214.171.124:18363 SIGUSR1[soft,tls-error] received, client-instance restarting
Can anyone please help me with this, This is a production server issue ?
easy-rsa is packaged already for most Linux distributions. Just install it from your package manager.
sudo apt install easy-rsa
You should run easy-rsa installed from your distribution packages as
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.