Action Plan to Upgrade Certs?
Posted: Thu Mar 19, 2015 8:07 pm
I have a server (Linux)/client (Windows) setup with many clients. Clients are only accessible through the OVPN tunnel. It was originally set up with OVPN 2.1 and has worked well. With all the recently discovered vulnerabilities, I have updated both server and clients to OVPN 2.3.5. Certificates were originally issued by OpenSSL v0.9.7m. CA OpenSSL is now upgraded to v1.0.2.
Now it is time to upgrade the old certificates, both server and client certs. But how to do it over the VPN without taking the system down or having to dispatch someone to each client? I was hoping to find someone's experience to follow. I've done a lot of searching for such, but no luck.
- Original CA, server and client certs were only 1024. So all will need to be re-done.
- I am good with scripting, and expect to use that to connect down the tunnels to push files and make changes.
- Possibly certificate stacking can be used to allow old and new certs to function on the server concurrently during the transition?
- I suspect I am not the only one in this predicament. Documenting this process may be of help to others also, and I am willing to contribute by pulling this together.