Hi,
I have a quite old version of openvpn (1.x) running on a centos 7 machine.
I am using the openvpn extension on webmin to manage the server/certs, and this extension only supports md5 certs (I know, work in progress to update the extension).
I understand that I must create a new CA based on the old CA using openssl option -signkey ca.key..
I also understand that I must send the new CA on all the clients and devices connecting to my server... this is now impossible to reach them since the CA cert is expired...
Question: Do I have to update all the certs of all the clients and the server ? Because, when I update the CA with the recipe given here : https://buger.dread.cz/openvpn-expired- ... cates.html they say the new ca.crt must be uploaded to all clients.
Is there any solution ?
Am I missing something?
Thank you a lot
my CA cert is expired and no access to clients
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
kris vpn
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jan 28, 2020 11:51 am
-
Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: my CA cert is expired and no access to clients
(I know, work in progress to update the extension)
You are missing update the whole thing to latest.....Am I missing something?
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: my CA cert is expired and no access to clients
May as well use GRE ..Also, https://community.openvpn.net/openvpn/w ... sa-upgrade
You will need easyrsa3 git/master: https://github.com/OpenVPN/easy-rsa