my CA cert is expired and no access to clients

Scripts to manage certificates or generate config files
Post Reply
kris vpn
OpenVpn Newbie
Posts: 1
Joined: Tue Jan 28, 2020 11:51 am

my CA cert is expired and no access to clients

Post by kris vpn » Tue Jan 28, 2020 12:01 pm

Hi,

I have a quite old version of openvpn (1.x) running on a centos 7 machine.
I am using the openvpn extension on webmin to manage the server/certs, and this extension only supports md5 certs (I know, work in progress to update the extension).

I understand that I must create a new CA based on the old CA using openssl option -signkey ca.key..

I also understand that I must send the new CA on all the clients and devices connecting to my server... this is now impossible to reach them since the CA cert is expired...

Question: Do I have to update all the certs of all the clients and the server ? Because, when I update the CA with the recipe given here : https://buger.dread.cz/openvpn-expired- ... cates.html they say the new ca.crt must be uploaded to all clients.

Is there any solution ?

Am I missing something?

Thank you a lot

User avatar
Pippin
Forum Team
Posts: 797
Joined: Wed Jul 01, 2015 8:03 am

Re: my CA cert is expired and no access to clients

Post by Pippin » Tue Jan 28, 2020 1:29 pm

(I know, work in progress to update the extension)
Am I missing something?
You are missing update the whole thing to latest.....

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7316
Joined: Fri Jun 03, 2016 1:17 pm

Re: my CA cert is expired and no access to clients

Post by TinCanTech » Tue Jan 28, 2020 1:47 pm

kris vpn wrote:
Tue Jan 28, 2020 12:01 pm
I have a quite old version of openvpn (1.x) running
:lol: May as well use GRE ..

Also, https://community.openvpn.net/openvpn/w ... sa-upgrade
You will need easyrsa3 git/master: https://github.com/OpenVPN/easy-rsa

Post Reply