Good morning,
After getting my VPN working and testing on a Kali client, I moved on to my next task; getting OpenVPN working on my Yealink VoIP phone. I spent days on this, but couldn't get it working. I'd see multiple server log entries indicating a TLS mismatch.
Yesterday I finally found a post indicating the problem is that my phone only supports SHA1, whereas my VPN certificates are signed with SHA256. I don't remember seeing this option when I generated the CA, Client & Server certificates. I guess the best solution is to get a new phone that supports SHA256 & higher. But in the meantime I have a few questions.
- Can I generate new certificates using SHA1?
- How do I specify which signing algorithm I use (SHA1 or SHA256)?
- If I did this, would I need to rebuild certificates for my existing VPN clients? Or is it possible to generate a CA only for the phone, but continue to use existing certificates for existing clients?
I'm still really green in this area; would really appreciate if anybody can point me to documentation that clearly defines the different certificates, scope, and how they are implemented in OpenVPN.
Thank you!
Do I have to generate new ca & server certs?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Aug 22, 2016 3:12 pm