Certificate upgrades on Windows (7) due to obsolete MD5

Scripts to manage certificates or generate config files
Post Reply
knicknack
OpenVpn Newbie
Posts: 9
Joined: Thu Sep 13, 2018 1:48 pm

Certificate upgrades on Windows (7) due to obsolete MD5

Post by knicknack » Thu Sep 13, 2018 2:03 pm

Hello,

After updating to the latest version of OpenVPN server on our Windows 7 system it has ceased to work due to support for MD5 being dropped with this version (openvpn-install-2.4.6-I602.exe).

Unfortunately I can only find information about upgrading certificates on linux-type platforms and I fear the official how-to for Windows is out of date.

Before I delve in and do it wrong, does anyone know of a resource for Windows which deals with upgrading server and client certificates? Not sure how to proceed. Many thanks.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4877
Joined: Fri Jun 03, 2016 1:17 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by TinCanTech » Thu Sep 13, 2018 2:25 pm


knicknack
OpenVpn Newbie
Posts: 9
Joined: Thu Sep 13, 2018 1:48 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by knicknack » Thu Sep 13, 2018 2:31 pm

Yes have just downloaded the latest easy-rsa. Now, because this is an existing installation I presume I need to move all my old keys, crt and pem files out of there before I start with easy-rsa, would that be right?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4877
Joined: Fri Jun 03, 2016 1:17 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by TinCanTech » Thu Sep 13, 2018 2:43 pm

Always make a backup ..

knicknack
OpenVpn Newbie
Posts: 9
Joined: Thu Sep 13, 2018 1:48 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by knicknack » Thu Sep 13, 2018 2:45 pm

Indeed, but if I'm not mistaken, the old key, pem and crt files could cause confusion and/or problems if I leave them in there. I'll take them out...

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4877
Joined: Fri Jun 03, 2016 1:17 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by TinCanTech » Thu Sep 13, 2018 2:50 pm

You will have to create a completely new PKI so make sure your old one is not in your way.

knicknack
OpenVpn Newbie
Posts: 9
Joined: Thu Sep 13, 2018 1:48 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by knicknack » Wed Sep 19, 2018 7:23 am

So I install easy-rsa but it can't find the PATH to ssl. I add the path to the Windows environment variables but it still can't find the commands. What gives? I see some others have gone ahead and re-installed Open SSL. What do you recommend?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4877
Joined: Fri Jun 03, 2016 1:17 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by TinCanTech » Wed Sep 19, 2018 12:18 pm

See vars.example

knicknack
OpenVpn Newbie
Posts: 9
Joined: Thu Sep 13, 2018 1:48 pm

Re: Certificate upgrades on Windows (7) due to obsolete MD5

Post by knicknack » Fri Sep 28, 2018 12:35 pm

Ok, that was helpful, thank you.
For others having difficulty, also helpful was this tutorial, although I didn't encrust the certificates in the server.config like he did:
https://www.alanbonnici.com/2018/01/how ... lient.html

Post Reply