Client certificates not valid until five hours later.

MCComputerServices
OpenVpn Newbie
Posts: 2
Joined: Thu Jul 28, 2016 3:37 pm

Post by MCComputerServices » Thu Jul 28, 2016 4:02 pm

I'm taking over from a previous administrator and have recently had to upgrade some operating system stuff as the old stuff was...really old. The problem is that I don't have any experience with OpenVPN and I believe I broke our implementation during the upgrade process. The problem that I'm having is that certificates are being generated with a "Not Before" date for several hours into the future. The certificate chain works fine and all the signing is functioning properly, but anyone who has to generate a new certificate can't use it the same day.

Where would the most common places be to configure something like this? I don't believe we have any custom configuration of openssl getting in the way, and diving into all the easy-rsa configurations I couldn't find any specification for setting a validity date in the future. I'm sure the problem is just a lack of documentation on our end, but I don't know where to start. Anyone have any ideas?

I would say that just starting over from scratch would probably be easier and would make me become familiar with how OpenVPN works, but as always, the business schedule won't permit it. This has to be back up and running as quickly as possible.

Our server is using easy-rsa 2.0 and the openvpn service is 2.3.6.

Thanks,
Mike

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client certificates not valid until five hours later.

Post by TinCanTech » Thu Jul 28, 2016 5:40 pm

MCComputerServices wrote: Where would the most common places be to configure something like this
Your computer clock.

MCComputerServices
OpenVpn Newbie
Posts: 2
Joined: Thu Jul 28, 2016 3:37 pm

Re: Client certificates not valid until five hours later.

Post by MCComputerServices » Fri Jul 29, 2016 2:16 pm

Clock settings are correct for both server and client. That was something that caught me before, but I made sure to check it this time.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client certificates not valid until five hours later.

Post by TinCanTech » Fri Jul 29, 2016 2:33 pm

Check Timezone.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Client certificates not valid until five hours later.

Post by TiTex » Fri Aug 12, 2016 11:19 am

That depends on how your setup is configured. If it's a custom script that generates the certificates, then you need to check which files are sourced by that script or what variables are inside the script.
If you are using easy-rsa, there is a file in which the variables are stored, named vars.
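
The clock and timezone checks suggested in the replies can be made concrete by comparing a certificate's Not Before with the signing host's UTC clock. The script below is an added example, not part of any post in this thread; the function names and the "whole or half hour" heuristic are assumptions of the example, and it needs GNU date plus openssl for the file mode.

```shell
#!/bin/sh
# Added example (not from the thread). Needs GNU date; openssl is only used
# when a certificate file is passed on the command line.

# Seconds by which NOTBEFORE (openssl format, e.g. "Jul 28 21:02:00 2016 GMT")
# lies ahead of NOW_EPOCH (default: current time). <= 0 means already valid.
notbefore_skew() {
    local nb_epoch now_epoch
    nb_epoch=$(date -u -d "$1" +%s) || return 2
    now_epoch=${2:-$(date -u +%s)}
    echo $(( nb_epoch - now_epoch ))
}

# Heuristic (assumption of this example): a future offset within 2 minutes
# of a whole or half hour looks like a timezone / local-time-as-UTC mix-up;
# any other future offset looks like plain clock drift on the signing host.
classify_skew() {
    local s nearest diff
    s=$1
    if [ "$s" -le 0 ]; then
        echo "valid-now"
        return 0
    fi
    nearest=$(( (s + 900) / 1800 * 1800 ))   # nearest multiple of 30 min
    diff=$(( s - nearest ))
    if [ "$diff" -lt 0 ]; then diff=$(( -diff )); fi
    if [ "$nearest" -ge 1800 ] && [ "$diff" -le 120 ]; then
        echo "future-timezone-like"
    else
        echo "future-clock-drift"
    fi
}

# Report for one certificate file; exit status 0 only if it is valid now.
check_cert() {
    local nb skew
    nb=$(openssl x509 -in "$1" -noout -startdate) || return 2
    nb=${nb#notBefore=}
    skew=$(notbefore_skew "$nb") || return 2
    echo "notBefore : $nb"
    echo "UTC now   : $(date -u)"
    echo "local now : $(date)  (TZ=${TZ:-unset})"
    echo "result    : $(classify_skew "$skew") (${skew}s ahead of now)"
    [ "$skew" -le 0 ]
}

if [ $# -gt 0 ]; then check_cert "$1"; fi
```

Run it on the machine that signs the certificates, right after issuing one, passing the path to the new client certificate as the only argument.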
