
Out of the blue, all clients cannot connect because the crl has expired. I am unable to generate a new crl. I currently have OpenVPN configured to ignore it for the time being because clients must be able to connect. Unfortunately, until this gets fixed, banned clients are able to connect. I hope they don't realize it.

Trying to generate a new crl generates this error:

root:~/openvpn-ca#openssl ca -gencrl -keyfile keys/ca.key -cert keys/ca.crt -out keys/crl.pem
Using configuration from /usr/lib/ssl/openssl.cnf
140100508987840:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('./demoCA/index.txt','r')
140100508987840:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:

I could not find anything in the man pages about how to specify the index.txt file on the command line, so I modified the configuration to point to the folder and now it has moved on to the next error:

root:~/openvpn-ca#openssl ca -gencrl -keyfile keys/ca.key -cert keys/ca.crt -out keys/crl.pem
Using configuration from /usr/lib/ssl/openssl.cnf
/root/openvpn-ca/keys/crlnumber: No such file or directory
error while loading CRL number
139766568722880:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('/root/openvpn-ca/keys/crlnumber','r')
139766568722880:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:

There is no crlnumber file and there shouldn't have to be one. I cannot figure out how to generate a new crl. The example that I am following was what others have posted and it evidently works for others without issue.

ts90
  • Did you try https://serverfault.com/questions/823679/openssl-error-while-loading-crlnumber ? – krisFR Aug 05 '18 at 16:37
  • @krisFR well, after my searching, I don't know how I missed that, but it seems to have completed the command without error. – ts90 Aug 05 '18 at 17:53

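The two errors in the question map to the `database` and `crlnumber` settings that `openssl ca` reads from its configuration file. The following is an added example, not code from the original post or the linked answer: it builds a throwaway CA in a temporary directory (all paths, the `ca.cnf` name and the function names are constructed for illustration), passes its own config with `-config`, and generates a CRL.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp directory; every path is constructed.

write_ca_config() {  # $1 = CA directory
    cat > "$1/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = $1
database         = \$dir/index.txt   # the file the first error could not open
crlnumber        = \$dir/crlnumber   # the file the second error could not open
default_md       = sha256
default_crl_days = 30
[ req ]
distinguished_name = dn
[ dn ]
EOF
}

init_ca() {  # $1 = CA directory; creates key, cert and the two state files
    mkdir -p "$1" && write_ca_config "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example CA" \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    : > "$1/index.txt" &&        # empty certificate database (scratch CA only)
    echo 01 > "$1/crlnumber"     # first CRL number, in hex
}

gen_crl() {  # $1 = CA directory; -config replaces the default openssl.cnf
    openssl ca -config "$1/ca.cnf" -gencrl -keyfile "$1/ca.key" \
        -cert "$1/ca.crt" -out "$1/crl.pem" 2>/dev/null
}

crl_dates() {  # $1 = CA directory; prints lastUpdate= and nextUpdate= lines
    openssl crl -in "$1/crl.pem" -noout -lastupdate -nextupdate
}

CA_DIR=$(mktemp -d)
init_ca "$CA_DIR" && gen_crl "$CA_DIR" && crl_dates "$CA_DIR"
```

On an existing CA, only the missing `crlnumber` file would be created; `index.txt` holds the revocation records the CRL is built from and must be the CA's existing file, not a new empty one. The `nextUpdate` value printed by `crl_dates` is the date after which clients start rejecting the CRL, so it is the value to monitor.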