This is the error message in OpenVPN logs:
Code: Select all
Sun Aug 16 18:33:21 2020 Sun Aug 16 18:33:21 2020 VERIFY FAIL -- The certificate validity has expired : depth=1
[redacted]
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2010-08-12 22:35:13
expires on : 2020-08-16 22:35:13
Sun Aug 16 18:33:21 2020 Sun Aug 16 18:33:21 2020 VERIFY FAIL -- The certificate validity has expired : depth=0
[redacted]issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2010-08-12 22:35:13
expires on : 2020-08-16 22:35:13
I found some instructions based upon generating a new certificate from the old key, but the files that are in:
/usr/local/openvpn_as/etc/web-ssl
Don't seem to be the ones that are being returned to the clients.
Code: Select all
> openssl x509 -noout -text -in ca.crt.old
Certificate:
[redacted]
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=OpenVPN Web CA 2018.11.16 12:16:59 PST openvpnas2
Validity
Not Before: Nov 9 20:16:59 2018 GMT
Not After : Nov 13 20:16:59 2028 GMT
I do see that the certificate that is returned in a client.ovpn is the old/expired version.
I've been googling for well over an hour to no avail. I have a lot of people who aren't going to be able to work tomorrow morning.
Any assistance would be appreciated.
Where is this expired certificate located? How do I retrieve and then replace it? (I think I understand the process of how to update it once I can actually get it)