Seamless certificate renewal/change
Posted: Thu Mar 09, 2017 8:58 am
Following situation:
In 2008 I build up a OpenVPN installation for remote assistance of our customers machines (clients).
Using easyRSA, I created a CA and its ca.crt, a server.crt and many client crts with a validity of 3650 days...
Now 2018 is near and I have to asure the continuous support of the clients.
The server currently is setup with its files ca.crt, server.crt, dh2048.pem and crl.pem, the clients have there equivalent files ca.crt and client.crt (each client its own individual client certificate of course).
To asure the remote assistance in the future, I am forced to make all changes on the clients 'through' the OpenVPN tunnel - there is no other possibility!
Because there are more one clients, all server changes have to be compatible with both client types (the 'old' clients with the current certificates and the 'renewed' clients with the (re?)newed certificates).
I did a lot of research in the internet but was not able to find a solution how to do this.
Any help appreciated!
In 2008 I build up a OpenVPN installation for remote assistance of our customers machines (clients).
Using easyRSA, I created a CA and its ca.crt, a server.crt and many client crts with a validity of 3650 days...
Now 2018 is near and I have to asure the continuous support of the clients.
The server currently is setup with its files ca.crt, server.crt, dh2048.pem and crl.pem, the clients have there equivalent files ca.crt and client.crt (each client its own individual client certificate of course).
To asure the remote assistance in the future, I am forced to make all changes on the clients 'through' the OpenVPN tunnel - there is no other possibility!
Because there are more one clients, all server changes have to be compatible with both client types (the 'old' clients with the current certificates and the 'renewed' clients with the (re?)newed certificates).
I did a lot of research in the internet but was not able to find a solution how to do this.
Any help appreciated!