From bb22c4f1586cb78a88f7757f4da2acbcf4093d8e Mon Sep 17 00:00:00 2001
From: Tzvi Spitz <tes5884@users.noreply.github.com>
Date: Tue, 28 Mar 2017 12:47:44 -0400
Subject: [PATCH] chmod crl.pem to nobody on revoke

---
 openvpn-install.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index cee3e36..b0ee0d9 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -133,6 +133,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 			rm -rf pki/issued/$CLIENT.crt
 			rm -rf /etc/openvpn/crl.pem
 			cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
+			chmod nobody:nobody /etc/openvpn/crl.pem
 			echo ""
 			echo "Certificate for client $CLIENT revoked"
 			echo "Exiting..."