If you get the following error:

VERIFY ERROR: depth=0, error=CRL has expired

it means that the Certificate Revocation List is expired and needs to be renewed. (Rationale). Here’s how you can do that.

Checking the expiration period:

openssl crl -in <strong>ca-crl.pem</strong> -text | grep 'Next Update'

To renew run:

openssl ca -gencrl -config ca.conf -out ca-crl.pem

 

To modify the interval change default_crl_days.