On 04.02.24 16:32, Bo Berglund wrote:
It took a week after revoking him until I could no longer access the site myself (I live about 6000 km away from the site and rely on OpenVPN for access).
We once apparently had someone think that it'd be "neat and tidy" to have a root CA cert's validity end 01-Jan 00:00 ... 'nuff said.
However: That's a central server that supposedly can be adminned only by your IT, and is being monitored in some way, likely allowing to keep tabs on whether the installed CRL is current/recent (or someone snuck in some pre-revocation version), too. What's the rationale to limit a CRL installed *there* to a lifetime of one week, if that's a burden to ops?
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
