If you get the following error:
VERIFY ERROR: depth=0, error=CRL has expired
it means that the Certificate Revocation List is expired and needs to be renewed. (Rationale). Here’s how you can do that.
Checking the expiration period:
openssl crl -in <strong>ca-crl.pem</strong> -text | grep 'Next Update'
To renew run:
openssl ca -gencrl -config ca.conf -out ca-crl.pem
To modify the interval change default_crl_days.