Today my openvpn server certificate expired. Only the certificate expired, the CA not!
I have generated a new certificate using EasyRSA, changed cert and key parameters in the
Code: Select all
server.conf
However my Linux openvpn clients (using openvpn in client mode) and also Windows openvpn client's can't connect anymore.
The error is:
Code: Select all
Fri Oct 28 10:18:29 2022 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=marinero-server
Fri Oct 28 10:18:29 2022 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Oct 28 10:18:29 2022 TLS_ERROR: BIO read tls_read_plaintext error
Fri Oct 28 10:18:29 2022 TLS Error: TLS object -> incoming plaintext read error
Fri Oct 28 10:18:29 2022 TLS Error: TLS handshake failed
Fri Oct 28 10:18:29 2022 Fatal TLS error (check_tls_errors_co), restarting
Why they can't connect if only the server certificate changed which is from the same CA and also other clients can connect without a problem?
Thanks for your help!