Louis Matthijssen

Louis Matthijssen

C# Software Engineer

OpenVPN CRL has expired

less than 1 minute read

After upgrading to OpenVPN 2.4.0, I got the following error when trying to connect to OpenVPN:

TLS: Initial packet from [AF_INET]x.x.x.x:50263, sid=2bd2de7a bd6f8694
VERIFY ERROR: depth=0, error=CRL has expired: CN=louis
OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, client-instance restarting

It appears that OpenVPN 2.4 doesn’t accept CRLs with a nextUpdate value that is in the past.

Fixing this issue is simple: regenerate the CRL.

I used EasyRSA to generate my CRL in the past, so I was able to fix it using these commands:

cd /etc/openvpn/easy-rsa
./easyrsa gen-crl
systemctl restart openvpn

Updated:

Leave a comment

You may also enjoy

Install Kerio Control VPN Client on Fedora

1 minute read

When switching from Ubuntu (18.04) to Fedora (28), I saw that the Kerio Control VPN Client is only available on Debian/Ubuntu. I managed to get it working on...

Xonar DGX on Ubuntu 18.04

less than 1 minute read

When switching from Windows to Ubuntu 18.04, my sound card (Asus Xonar DGX) didn’t seem to work anymore.

Office 2016 defaults to Times New Roman

less than 1 minute read

Every time I installed Office 2016 (from Office 365) the default font was Times New Roman instead of Calibri. After trying many things to fix this (and manua...

Hyper-V on NUC7i5BNK

3 minute read

I wanted to use my NUC7i5BNK as a Hyper-V server. I’ll note the basic steps here as I encountered a few issues during installation and configuration.