Client and server certificates expired

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
aj2r
OpenVpn Newbie
Posts: 4
Joined: Sat May 21, 2011 11:14 am

Client and server certificates expired

Post by aj2r » Tue Apr 25, 2017 8:33 am

Hello guys,

I have a client that contacts me requesting that if I know some trick to allow the connection between the client and the server with certificates expired yesterday. He only has access to the server, clients are unreachable. In my opinion this is impossible, does someone know a method to do this magic?

Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and server certificates expired

Post by TinCanTech » Tue Apr 25, 2017 12:17 pm

If the CA.crt has expired along with your server.crt and client.crt then it probably is impossible to use your PKI any longer.

If only the client.crt has expired then you may be able to use --client-cert-not-required or --verify-client-cert. They are both documented in the manual.

aj2r
OpenVpn Newbie
Posts: 4
Joined: Sat May 21, 2011 11:14 am

Re: Client and server certificates expired

Post by aj2r » Tue Apr 25, 2017 4:54 pm

Thanks for the reply, unfortunately --client-cert-not-required disables the use of client certificates and forces username/password authentication only, but the clients are configured to use only certificate without username/password authentication. Some workaround for this?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and server certificates expired

Post by TinCanTech » Tue Apr 25, 2017 5:04 pm

Why not issue a new certificate to the client ? (You have not made it clear what has actually expired)

aj2r
OpenVpn Newbie
Posts: 4
Joined: Sat May 21, 2011 11:14 am

Re: Client and server certificates expired

Post by aj2r » Tue Apr 25, 2017 5:15 pm

The server and client certificates have expired, and the client device is 700km from any person, so he wants to find a method that avoids the replacement of the client certificate through physical access.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and server certificates expired

Post by TinCanTech » Tue Apr 25, 2017 7:54 pm


Post Reply