Page 1 of 1
Client and server certificates expired
Posted: Tue Apr 25, 2017 8:33 am
by aj2r
Hello guys,
I have a client that contacts me requesting that if I know some trick to allow the connection between the client and the server with certificates expired yesterday. He only has access to the server, clients are unreachable. In my opinion this is impossible, does someone know a method to do this magic?
Thanks!
Re: Client and server certificates expired
Posted: Tue Apr 25, 2017 12:17 pm
by TinCanTech
If the CA.crt has expired along with your server.crt and client.crt then it probably is impossible to use your PKI any longer.
If only the client.crt has expired then you may be able to use --client-cert-not-required or --verify-client-cert. They are both documented in the manual.
Re: Client and server certificates expired
Posted: Tue Apr 25, 2017 4:54 pm
by aj2r
Thanks for the reply, unfortunately --client-cert-not-required disables the use of client certificates and forces username/password authentication only, but the clients are configured to use only certificate without username/password authentication. Some workaround for this?
Re: Client and server certificates expired
Posted: Tue Apr 25, 2017 5:04 pm
by TinCanTech
Why not issue a new certificate to the client ? (You have not made it clear what has actually expired)
Re: Client and server certificates expired
Posted: Tue Apr 25, 2017 5:15 pm
by aj2r
The server and client certificates have expired, and the client device is 700km from any person, so he wants to find a method that avoids the replacement of the client certificate through physical access.
Re: Client and server certificates expired
Posted: Tue Apr 25, 2017 7:54 pm
by TinCanTech