Hi,
we currently have a problem with our OpenVPN connectivity.
Two days ago the ca.crt along with server.crt, server.key and server.csr expired.
We are using WinServer 2008r2 with Windows clients.
A new ca.crt and server.crt was built, ca.crt without pw but server.crt with pw.
I replaced the ca.crt in the server folder where server.ovpn config is telling me to.
I also replaced the ca.crt on my local client but unfortunately without success.
The commands I used were build-ca and build-key-pass for the server.crt, and before them the command vars.bat.
Should I build the server certificate without password?
What is the command for that?
The error I get is:
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: ...
OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
Can I somehow verify the new certificates?
Thanks a lot
intane
Server certificate expired - certificate verify expired
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Feb 14, 2017 11:16 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Server certificate expired - certificate verify expired
intane wrote: A new ca.crt and server.crt was built
You will have to build and replace all your clients certificates as well.
intane wrote: Should I build the server certificate without password? What is the command for that?
Add nopass to the commands.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Feb 14, 2017 11:16 am
Re: Server certificate expired - certificate verify expired
"You will have to build and replace all your clients certificates as well"
Yes, I am aware of that, I just replaced only mine at first for test reasons.
I added the command you told me, so "build-key server -nopass" works for the start but the question for a pem phrase comes again and if I leave it blank an error occurs.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Server certificate expired - certificate verify expired
intane wrote: so "build-key server -nopass" works
Wrong.
Code:
build-key-server server.name nopass
intane wrote: the question for a pem phrase comes again and if I leave it blank an error occurs.
Leave the pem passphrase blank. The error is probably due to something else.
Best advice, start from scratch.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Feb 14, 2017 11:16 am
Re: Server certificate expired - certificate verify expired
build-key-server gives the same error.
The error that occurs is TXT_DB error number 2.
*old.old could not be found.
Starting from scratch would be too much work unfortunately :/
So I am searching for a way to create new server certificates.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Server certificate expired - certificate verify expired
intane wrote: Two days ago the ca.crt along with server.crt, server.key and server.csr expired
intane wrote: Start from the scratch would be too much work
I do not believe you have a choice ..
You are welcome to scour the internet and try to find a solution, if you prefer ..
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Feb 14, 2017 11:16 am
Re: Server certificate expired - certificate verify expired
I want to search a little bit more before I do everything from the beginning.
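
The first post asks whether the new certificates can be verified. The script below is an added example, not part of any post in this thread: it uses the openssl command line from a POSIX shell to check expiry and chain on constructed throwaway certificates, and shows a certificate still signed by a previous CA failing against a rebuilt ca.crt with the same "unable to get local issuer certificate" error. All CA names, subjects and function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. All CAs, keys and subjects are constructed throwaway values;
# only the file names ca.crt / server.crt mirror the thread.

make_ca() {      # $1 = output prefix, $2 = CN of the self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = output prefix, $3 = CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

chain_ok() {     # $1 = CA certificate, $2 = certificate to check against it
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

not_expired() {  # $1 = certificate; succeeds while notAfter is in the future
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

report() {       # $1 = label, $2 = CA certificate, $3 = certificate
    if chain_ok "$2" "$3"; then echo "$1: chain OK"
    else echo "$1: FAILED -> $(openssl verify -CAfile "$2" "$3" 2>&1 | grep 'error [0-9]')"
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/old-ca" "Constructed Old CA"       # stands in for the previous CA
    make_ca "$d/ca" "Constructed New CA"           # the rebuilt ca.crt
    issue_cert "$d/ca" "$d/server" "server"        # server.crt from the new CA
    issue_cert "$d/old-ca" "$d/client1" "client1"  # client cert never reissued
    openssl x509 -in "$d/server.crt" -noout -subject -issuer -enddate
    not_expired "$d/server.crt" && echo "server.crt: not expired"
    report "server.crt vs new ca.crt" "$d/ca.crt" "$d/server.crt"
    report "old client cert vs new ca.crt" "$d/ca.crt" "$d/client1.crt"
    rm -rf "$d"
}

demo
```

On real files, run the same `openssl verify -CAfile ca.crt server.crt` against the exact ca.crt each side has installed; a failure there reproduces the VERIFY ERROR before any client connects.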