OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

ca.crt expiring soon

https://forums.openvpn.net/viewtopic.php?t=36112

Page 1 of 1

ca.crt expiring soon

Posted: Fri Aug 18, 2023 6:58 am
by nicopizzinato
Good morning
in an openVPN" with "easyRSA 3" I have the problem that "ca.crt" and "server.crt" are expiring in 4 months.
The problem is that the 50 clients are 3G/4G connected routers distributed all over Italy.
Is there any way to re-sign the CA without having to connect one by one to the 50 routers while maintaining continuity of service?
Thanks to all

Re: ca.crt expiring soon

Posted: Mon Aug 21, 2023 11:48 pm
by openvpn_inc
Hello nicopizzinato,

If any certificate is expired, the connection will fail. Ensure that on both server and client side there are certificates present that are valid.

So yes, this means replacing certificates.

The CA private key, or any private key, has no expiration date on it. It's only certificates that have that. So you can make new certificates from the same private key. That allows the old and new certificates to validate as the validation is done using the signature placed on the certificates, which comes from the private key data. And that will then be the same.

Kind regards,
Johan
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/