[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Delete certificates

  • Subject: Re: [Openvpn-users] Delete certificates
  • From: "Lars Bonnesen" <lars_bonnesen@xxxxxxxxxxx>
  • Date: Tue, 05 Jun 2007 08:21:04 +0200

   Yeah .... you're having permission problems on the file.

Please note that OpenVPN starts as root, read all the key (CA, server, etc) as root and then drop privileges to the desired user. In your case, nobody.

The CRL file is the only key file that is read again in each connection. So, it must be readable to the low-privilege user you choose.

The error you're having simply indicates that OpenVPN is not being able to read the file.

Fix the permissions problem. Check file permissions as well as directory permissions.

When OpenVPN is able to read crl.pem file, you'll get things working the desired way.

Great - thanks for the information. I moved the crl.pem file out of the directory (don't want to change permissions on that directory) and now OpenVPN can read it (I get connected, and the log is saying CRL CHECK OK.

As another one said, I will now setup a cron job so that the file is copied once a day (that is adequate for this system).

Thanks, Lars.

Vælg selv hvordan du vil kommunikere - skrift, tale, video eller billeder med MSN Messenger: http://messenger.msn.dk/ - her kan du det hele

OpenVPN mailing lists