Server certificate expired - certificate verify expired

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech

intane
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 14, 2017 11:16 am

Server certificate expired - certificate verify expired

Post by intane » Tue Feb 14, 2017 1:23 pm

Hi,

We currently have a problem with our OpenVPN connectivity.

Two days ago the ca.crt along with server.crt, server.key and server.csr expired.

We are using WinServer 2008r2 with Windows clients.

A new ca.crt and server.crt was built, ca.crt without pw but server.crt with pw.

I replaced the ca.crt in the server folder where server.ovpn config is telling me to.

I also replaced the ca.crt on my local client, but unfortunately without success.

The commands I used were build-ca and build-key-pass for the server.crt, and before them the command vars.bat.

Should I build the server certificate without password?
What is the command for that?

The error I get is:

VERIFY ERROR: depth=0, error=unable to get local issuer certificate: ...
OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.

Can I somehow verify the new certificates?

Thanks a lot


intane

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server certificate expired - certificate verify expired

Post by TinCanTech » Tue Feb 14, 2017 2:34 pm

intane wrote: A new ca.crt and server.crt was built

You will have to build and replace all your clients certificates as well.

intane wrote: Should I build the server certificate without password? What is the command for that?

Add nopass to the commands.

intane
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 14, 2017 11:16 am

Re: Server certificate expired - certificate verify expired

Post by intane » Tue Feb 14, 2017 2:54 pm

"You will have to build and replace all your clients certificates as well"

Yes, I am aware of that; at first I just replaced only mine for test reasons.

I added the command you told me, so "build-key server -nopass" works for the start, but the question for a PEM phrase comes again, and if I leave it blank an error occurs.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server certificate expired - certificate verify expired

Post by TinCanTech » Tue Feb 14, 2017 3:00 pm

intane wrote: so "build-key server -nopass" works

Wrong.

Code:

build-key-server server.name nopass

intane wrote: the question for a PEM phrase comes again, and if I leave it blank an error occurs.

Leave the pem passphrase blank. The error is probably due to something else.

Best advice, start from scratch.

intane
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 14, 2017 11:16 am

Re: Server certificate expired - certificate verify expired

Post by intane » Tue Feb 14, 2017 3:20 pm

build-key-server produces the same error.

The error that occurs is TXT_DB error number 2.
*old.old could not be found.

Starting from scratch would be too much work, unfortunately :/

So I am searching for a way to create new server certificates.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server certificate expired - certificate verify expired

Post by TinCanTech » Tue Feb 14, 2017 3:49 pm

intane wrote: Two days ago the ca.crt along with server.crt, server.key and server.csr expired

intane wrote: Starting from scratch would be too much work

I do not believe you have a choice ..

You are welcome to scour the internet and try to find a solution, if you prefer ..

intane
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 14, 2017 11:16 am

Re: Server certificate expired - certificate verify expired

Post by intane » Tue Feb 14, 2017 4:23 pm

I want to search a little bit more before I do everything from the beginning.
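
The first post asks whether the new certificates can be verified. The script below is an added example, not code from the thread or from Easy-RSA: it checks that a CA file and a server certificate are both unexpired and that the certificate was issued under that CA. It assumes a POSIX shell with the openssl command-line tool on PATH; the function names check_pair and make_demo_pki are hypothetical, and the demo certificates are constructed throwaway data.

```shell
#!/bin/sh
# Added example: does a server certificate chain to the CA file a peer holds?
# Function names are hypothetical; the file names follow the thread.

# check_pair CA_FILE CERT_FILE -> prints a verdict, returns 0 only for "ok".
check_pair() {
    ca=$1; crt=$2
    for f in "$ca" "$crt"; do   # missing or unparsable file
        openssl x509 -in "$f" -noout >/dev/null 2>&1 ||
            { echo "unreadable"; return 2; }
    done
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$ca" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "ca-expired"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "cert-expired"; return 1; }
    # A certificate issued under a different CA fails this step; "unable to
    # get local issuer certificate" is one message openssl gives for that.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "not-issued-by-ca"; return 1; }
    echo "ok"
}

# make_demo_pki DIR: constructed test data: a throwaway CA, a server
# certificate it signs, and an unrelated second CA.
make_demo_pki() {
    d=$1; mkdir -p "$d" || return 1
    for n in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo $n" \
            -keyout "$d/$n.key" -out "$d/$n.crt" >/dev/null 2>&1 || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo server" \
        -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" >/dev/null 2>&1
}

# Stand-alone demo: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_demo_pki "$tmp" || exit 1
    check_pair "$tmp/ca.crt" "$tmp/server.crt"        # ok
    check_pair "$tmp/other-ca.crt" "$tmp/server.crt"  # not-issued-by-ca
    rm -rf "$tmp"
fi
```

For the setup in the thread the call would be `check_pair ca.crt server.crt`, using the ca.crt copied to the client and the server.crt that server.ovpn points to.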
