Merge pull request #231 from dod-ccpo/fix-crls

Update ssl crl config and certs

ssl/client-certs/README.md

@@ -28,3 +28,7 @@ openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.m
 > atat.mil.crt: OK
 ```
 
+To regenerate the crl:
+
+`openssl ca -gencrl -keyfile client-ca.key -cert client-ca.crt -out <cert_name>.crl -config crl_openssl.conf`
+`openssl crl -inform der -in client-ca.der.crl -noout -text`

ssl/client-certs/crl_openssl.conf

@@ -8,7 +8,7 @@ database       = $dir/index.txt        # index file.
 # new_certs_dir  = $dir/newcerts         # new certs dir
 
 default_days   = 365                   # how long to certify for
-default_crl_days= 30                   # how long before next CRL
+default_crl_days = 365                 # how long before next CRL
 default_md     = md5                   # md to use
 
 policy         = policy_any            # default policy