
[Openvpn-users] Re: easyrsa & crl-verify after demotion ?

  • Subject: [Openvpn-users] Re: easyrsa & crl-verify after demotion ?
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 13:54:16 -0600

On Mon, 13 Dec 2004 12:53:11 -0600, Steven Palm wrote:

> As a temporary fix, I've changed the easy-rsa openvpn.cnf file to put
> the crl.pem file out where it's not so highly protected and is readable
> by a group that openvpn runs in.  Is this a good compromise?

Sure. The CRL shouldn't be writable by anyone, but leaving it even
world-readable should be entirely safe, in the same way that leaving
certificates (but not keys) world-readable is safe.
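
A permission audit for the arrangement discussed in this message, as an added example that is not part of the original post or of OpenVPN or easy-rsa. The function names `mode_of`, `check_crl` and `check_key` are hypothetical; the script assumes the owner's write bit on the CRL is acceptable so the CA owner can regenerate it, and it goes one step beyond the message by also checking the parent directory.

```shell
#!/bin/sh
# Added example: audit CRL and private-key permissions from the mode string.
# Usage inside a script: check_crl /path/to/crl.pem; check_key /path/to/ca.key

# Print the 10-character mode string for a path, e.g. "-rw-r--r--".
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# CRL: readable by group or world (so the group the daemon runs in can read
# it), never writable by group or world.
# Assumption: the owner's write bit is allowed for regenerating the CRL.
check_crl() {
    m=$(mode_of "$1")
    [ -n "$m" ] || { echo "FAIL $1: not found"; return 1; }
    case $m in
        ?????w????|????????w?)
            echo "FAIL $1 ($m): writable by group or world"; return 1 ;;
    esac
    case $m in
        ????r?????|???????r??) ;;
        *) echo "FAIL $1 ($m): not readable by group or world"; return 1 ;;
    esac
    # A writable parent directory lets someone replace the file outright,
    # unless the sticky bit (t/T in the last position) is set.
    d=$(mode_of "$(dirname "$1")")
    case $d in
        *[tT]) ;;
        ?????w????|????????w?)
            echo "FAIL $1: parent directory ($d) is group/world-writable"
            return 1 ;;
    esac
    echo "OK   $1 ($m)"
}

# Private key: no access at all for group or world.
check_key() {
    m=$(mode_of "$1")
    [ -n "$m" ] || { echo "FAIL $1: not found"; return 1; }
    case $m in
        ????------) echo "OK   $1 ($m)" ;;
        *) echo "FAIL $1 ($m): accessible by group or world"; return 1 ;;
    esac
}
```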
