ca.crt expiring soon

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
nicopizzinato
OpenVpn Newbie
Posts: 2
Joined: Fri Oct 28, 2022 10:21 am

ca.crt expiring soon

Post by nicopizzinato » Fri Aug 18, 2023 6:58 am

Good morning
in an openVPN" with "easyRSA 3" I have the problem that "ca.crt" and "server.crt" are expiring in 4 months.
The problem is that the 50 clients are 3G/4G connected routers distributed all over Italy.
Is there any way to re-sign the CA without having to connect one by one to the 50 routers while maintaining continuity of service?
Thanks to all
Top
User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: ca.crt expiring soon

Post by openvpn_inc » Mon Aug 21, 2023 11:48 pm

Hello nicopizzinato,

If any certificate is expired, the connection will fail. Ensure that on both server and client side there are certificates present that are valid.

So yes, this means replacing certificates.

The CA private key, or any private key, has no expiration date on it. It's only certificates that have that. So you can make new certificates from the same private key. That allows the old and new certificates to validate as the validation is done using the signature placed on the certificates, which comes from the private key data. And that will then be the same.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Top
Post Reply

Return to “Cert / Config management”