Hi,
10 years reached, my server root ca, and server.crt files have expired.
How to solve it? Is it possible without modifying client setup?
Regards,
S.Ancelot
server certificate expired
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Aug 24, 2015 8:19 am
Re: server certificate expired
Thanks, I finally solved it differently:
build-key-server new_serv
cp new_serv.crt /etc/openvpn/server.crt
cp new_serv.key /etc/openvpn/server.key
-
- OpenVpn Newbie
Re: server certificate expired
I managed to run it again, using:
build-key-server new_serv
and copying new_serv.key and new_serv.crt to the OpenVPN server.
However, regarding clients, there are ca.crt AND client.crt files.
What are the conditions for the client permitting the connection?
Is there a priority over ca.crt or client.crt... I am a bit confused...
- maikcat
Re: server certificate expired
i provided the link based on this:
> 10 years reached, my server root ca has expired
if your CA is expired then EVERY cert is bad...
> However, regarding clients, there are ca.crt AND client.crt files
> What are the conditions for the client permitting it allowing connection ?
are you aware how TLS/SSL works?
also keep in mind that your client's crt is checked against the server's ca.crt and vice versa.
Michael.
-
- OpenVpn Newbie
Re: server certificate expired
Yes, I know. In this case, a good setup would set ca.crt valid for e.g. 50 years, to sign user certificates,
and user certificates can be valid from 1 day to e.g. 3 or ten years, isn't it?
Regards,
Steph
- maikcat
Re: server certificate expired
> to sign user certificates.
> and user certificates, can be valid from 1 day to eg 3 or ten years, isn't it ?
yeap
Michael.
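
Added example (not part of the original posts): a POSIX shell check, using the openssl CLI, of the two points made in this thread: whether ca.crt and a certificate stay valid for the next N days, and whether the certificate verifies against that CA. The function names, status strings and the throwaway demo PKI are assumptions constructed for illustration.

```sh
#!/bin/sh
# check_pair CA_FILE CERT_FILE [DAYS]
# Prints one status: missing-file, ca-expires, cert-expires,
# not-signed-by-ca or ok. DAYS is the look-ahead window (default 0 = now).
check_pair() {
    ca=$1; cert=$2; secs=$(( ${3:-0} * 86400 ))
    [ -r "$ca" ] && [ -r "$cert" ] || { echo missing-file; return 2; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    # The CA is tested first: once it expires, every certificate it signed fails.
    openssl x509 -in "$ca" -noout -checkend "$secs" >/dev/null 2>&1 \
        || { echo ca-expires; return 1; }
    openssl x509 -in "$cert" -noout -checkend "$secs" >/dev/null 2>&1 \
        || { echo cert-expires; return 1; }
    # Each peer verifies the other side's certificate against its own ca.crt.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo not-signed-by-ca; return 1; }
    echo ok
}

# make_demo_pki DIR CA_DAYS CERT_DAYS
# Constructed sample data: a throwaway CA and one server certificate in DIR.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-server" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days "$3" -out "$d/server.crt" 2>/dev/null
}
```

Run `check_pair ca.crt server.crt 90` on the server and `check_pair ca.crt client.crt 90` on a client to see which file will stop working first within the next 90 days.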