On Thursday 03 July 2008 15:15, John Abreau wrote: > On Thu, July 3, 2008 1:18 pm, Drew Van Zandt said: > > Minor warning: OpenVPN is configured NOT to check for revoked > > certificates by default. (Default install on Debian, anyway, and I > > suspect it's similar > > elsewhere.) Not likely a big deal for home use, but for business use.... > > fortunately I was careful enough to check a known-revoked certificate the > > first time I needed to revoke one, because I wasn't 100% sure I'd done it > > properly. > > That's odd; whenever I installed it, I found it was not configured > AT ALL, aside from some sample configs in the documentation. But then > I did this on Fedora, CentOS, RHEL, Windows, and MacOSX, not on debian.
I always considered what came with Debian relatively unconfigured as well. I don't know what a default CRL would look like. Having it reference a CRL at all would indicate you've setup a CA for your certs, but that's something everyone will likely do a little differently and distribute a little differently. -N _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/