server certificate expired

[sancelot]

Hi,
10 years reached, my server root ca, and server.crt files have expired.

How to solve it ? is it possible without modifying client setup ?

Regards,
S.Ancelot

[maikcat]

topic18671.html

Michael.

[sancelot]

Thanks, I finally solved it differently :
build-key-server new_serv

cp new_serv.crt /etc/openvpn/server.crt
cp new_serv.key /etc/openvpn/server.key

[sancelot]

I managed run it again, using :
build-key-server new_serv

and copying new_serv.key and new_serv.crt to openvpn server .

However, regarding clients, there are ca.crt AND client.crt files
What are the conditions for the client permitting it allowing connection ?
Is there a priority over ca.crt or client.crt ...I am a bit confuse....

[maikcat]

i provided the link based on this :

10 years reached, my server root ca has expired

if your CA is expired then EVERY cert is bad...

However, regarding clients, there are ca.crt AND client.crt files
What are the conditions for the client permitting it allowing connection ?

are you aware how TLS/SSL works?
also keep in mind that your clients crt is checked against servers ca.crt and vice versa.

Michael.

[sancelot]

Yes, I know. In this case, a good setup would sets ca.crt valid for eg 50 years, to sign user certificates.
and user certificates, can be valid from 1 day to eg 3 or ten years, isn't it ?

Regards,
Steph

[maikcat]

to sign user certificates.
and user certificates, can be valid from 1 day to eg 3 or ten years, isn't it ?

yeap

Michael.