I modified the following lines in openssl.cnf to look like this: default_days = 3650 # how long to certify for default_crl_days= 3650 # how long before next CRL
Then regenerated the CRL: openssl ca -gencrl -keyfile keys/ca.key -cert keys/ca.crt -out keys/crl.pem -config ./openssl.cnf Now with openvpn 2.4 the clients are connecting fine. Regards, Laszlo Kertesz