On Thu, 2006-01-19 at 20:08 +0200, Alon Bar-Lev wrote:
> John A. Sullivan III wrote:
> > I finally got OpenVPN working with multiple CAs by concatenating the CA
> > certs into one file and using that with the ca parameter. Thanks to all
> > on the list who helped me understand that.
> > However, does one handle the CRLs the same way? In other words, I will
> > need CRLs from each of those CAs but there is only one file as an
> > argument to crl-verify so does one simply concatenate the CRLs from the
> > different CAs together? Of course, that then implies a manual process
> > for CRL distribution. Is there an automated way to retrieve CRLs built
> > in to OpenVPN or must one do it with third party scripts? Thanks - John
> Have you tried --capath option?
> It does what you require.
> But there is a problem, you cannot modify the CRL files
> while the OpenVPN process is up.
> I've looked at this issue a while ago, but could not find
> time to complete.
> Best Regards,
> Alon Bar-Lev.
Thanks but I don't see that option in the man pages - John
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development