How to fix “CRL has expired” openvpn error on pfSense

In case of this error you need to apply a system patch called “Fix for CRL expiration lifetime default and maximum values” (a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2).

Error example

VERIFY ERROR: depth=0, error=CRL has expired: C=XX, ST=XX, L=XX, O=XX, emailAddress=XX, CN=XX, serial=3
OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

Fix

Patch example

If “System > Patches” is not available, you need to install a package called “System Patches” from “System > Package, Available package”.