diff --git a/doc/EasyRSA-Renew-and-Revoke.md b/doc/EasyRSA-Renew-and-Revoke.md index d6b4031a..b48cf276 100644 --- a/doc/EasyRSA-Renew-and-Revoke.md +++ b/doc/EasyRSA-Renew-and-Revoke.md @@ -238,7 +238,7 @@ Please consider the method outlined here, which requires very little work: 4. Use command `sign-req ` - (With or without other preferences, password is not relavent) + (With or without other preferences, password is not relevant) This will use an existing Request to sign a new Certificate. diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index d32cc4a9..5586ced6 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -3592,7 +3592,10 @@ gen_crl() { $crl_der_note An updated CRL has been created: -* $out_file" +* $out_file + +IMPORTANT: When the CRL expires, an OpenVPN Server which uses a +CRL will reject ALL new connections, until the CRL is replaced." } # => gen_crl() # import-req backend @@ -5285,9 +5288,10 @@ fi # #set_var EASYRSA_CERT_EXPIRE 825 -# How many days until the next CRL publish date? Note that the CRL can still -# be parsed after this timeframe passes. It is only used for an expected next -# publication date. +# How many days until the Certificate Revokation List will expire. +# +# IMPORTANT: When the CRL expires, an OpenVPN Server which uses a +# CRL will reject ALL new connections, until the CRL is replaced. # #set_var EASYRSA_CRL_DAYS 180 diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example index 95e401fc..7ddc842d 100644 --- a/easyrsa3/vars.example +++ b/easyrsa3/vars.example @@ -147,9 +147,10 @@ fi # #set_var EASYRSA_CERT_EXPIRE 825 -# How many days until the next CRL publish date? Note that the CRL can still -# be parsed after this timeframe passes. It is only used for an expected next -# publication date. +# How many days until the Certificate Revokation List will expire. +# +# IMPORTANT: When the CRL expires, an OpenVPN Server which uses a +# CRL will reject ALL new connections, until the CRL is replaced. # #set_var EASYRSA_CRL_DAYS 180