Support on server certificate expired after 10 years
Posted: Fri Jan 12, 2024 9:47 pm
Hi all.
I am using OpenVPN 2.4.9 on CentOS release 6.10 on server side.
The clients are usually MikroTik boards, connecting with certificates to get static IP addresses.
After 10 years, the server certificate expired:
---------------------------------
# cat server.crt.bak
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Validity
Not Before: Jan 2 17:04:12 2014 GMT
Not After : Dec 31 17:04:12 2023 GMT
I need to renew it without having to distribute new certificates to all my 100+ clients. I currently cannot reach them anymore.
If I look at the client certificates located in keys, I can see that none of them will expire before 2025, so I have the time needed to replace them, if I can connect them to the VPN again to gain access to the client configuration page.
It seems that the tool in use is pkitool in this version of OpenVPN.
Is there a way to renew the server certificate without the need to redistribute the configuration to the clients?
Thanks all.