[Fixed] Expired CA - clients can't connect / again

Post by er4z0r » Fri May 24, 2019 7:04 am

Hi there.

I ran into the same issue with the expired CA which is mentioned here: viewtopic.php?f=22&t=18671

However, the suggested method does not work for me:

 # openssl verify -CAfile ca.crt test.crt
C = ...
error 10 at 1 depth lookup: certificate has expired
C = ...
error 10 at 0 depth lookup: certificate has expired
error test.crt: verification failed

# openssl x509 -in ca.crt -days 36500 -out ca_new.crt -signkey ca.key

# openssl verify -CAfile ca_new.crt test.crt
C ...
error 7 at 0 depth lookup: certificate signature failure
error test.crt: verification failed
140120692352832:error:04091077:rsa routines:int_rsa_verify:wrong signature length:crypto/rsa/rsa_sign.c:132:
140120692352832:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:crypto/asn1/a_verify.c:171:

I noticed the key-size changed from 1024 to 2048:

ca.crt

        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

ca_new.crt

        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

It'd be great if someone could give me some hints.

Thanks!


Post by er4z0r » Fri May 24, 2019 8:34 am

OK, so I noticed my ca.key had somehow been changed while I was testing... that's the reason for the failed verify.
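
The check the second post points to, as an added example that is not part of the thread: before running the re-sign command from the first post, compare the public key inside ca.crt with the one derived from ca.key and refuse to continue if they differ. The function names, `other.key` and the demo CA built by `make_demo_ca` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the post; the CA
# built by make_demo_ca is constructed sample data.

cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# key_matches_cert CERT KEY
# 0: KEY is the private key for CERT, 1: different key, 2: unreadable input
key_matches_cert() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# renew_ca CERT KEY OUT DAYS
# Runs the re-sign command from the post only if the key check passes.
renew_ca() {
    key_matches_cert "$1" "$2" || {
        echo "refusing: $2 is not a readable key matching $1" >&2
        return 1
    }
    openssl x509 -in "$1" -days "$4" -out "$3" -signkey "$2" 2>/dev/null
}

# make_demo_ca DIR
# Constructed sample: ca.key/ca.crt, a client cert test.crt issued by that CA,
# and other.key, an unrelated key standing in for the changed ca.key.
make_demo_ca() (
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -days 1 -subj "/CN=demo-ca" 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -keyout test.key -out test.csr \
        -subj "/CN=demo-client" 2>/dev/null || exit 1
    openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out test.crt -days 1 2>/dev/null || exit 1
    openssl genrsa -out other.key 2048 2>/dev/null
)

# Usage: sh check_ca_key.sh ca.crt ca.key ca_new.crt 36500
if [ "$#" -eq 4 ]; then renew_ca "$@"; fi
```

When the key matches, the renewed certificate carries the same public key as the old one, so certificates already issued by the CA still verify against it.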
