You need to replace only the server.crt and server.key files.
No change is needed on the client side.
1. Delete the old server.crt, its key, and all files related to it
in my case (debian linux):
rm /etc/easy-rsa/pki/private/server.key
rm /etc/easy-rsa/pki/issued/server.crt
rm /etc/easy-rsa/pki/reqs/server.req
(maybe you will not have this file, so ignore and continue)
2. Generate a new certificate named server.crt
Go to your easyrsa folder (in my case cd /etc/easy-rsa)
and run
./easyrsa build-server-full server nopass
3. Find your newly generated certificate in
* easy-rsa/pki/issued folder and validate that you have a new server.crt by file creation date.
* easy-rsa/pki/private folder and validate that you have a new server.key by file creation date.
4. Ensure that the server.crt expiry date is plus 2 years from now. Run
openssl x509 -in /etc/easy-rsa/pki/issued/server.crt -text -noout | grep "Not After"
or
server.crt is a regular text file, so open it and find the Validity section "Not After" line to validate
the expiration date. It should be good for 2 years from now.
5. Copy the new server.crt and server.key to the openvpn server folders
copy easy-rsa/pki/issued/server.crt to /etc/openvpn/server/issued
copy easy-rsa/pki/private/server.key to /etc/openvpn/server/private
6. Now you must restart the openvpn service
Run
systemctl restart openvpn or sudo systemctl restart openvpn
In my case it did not work, so I restarted my linux server and it worked after the server restart.
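Added example, not part of the original post: a shell sketch of the checks in steps 3 and 4, extended to confirm that the new key matches the new certificate and that the certificate chains to the CA the clients already trust, before the service is restarted. The function names and the script name are hypothetical; the CA certificate path is an argument (Easy-RSA normally keeps it at pki/ca.crt, which is an assumption about this setup).

```shell
#!/bin/sh
# Added example: checks to run on a reissued server certificate before
# restarting OpenVPN. Function names are hypothetical; paths are arguments.
# Usage: sh check_pair.sh SERVER.crt SERVER.key CA.crt [MIN_DAYS]

# Succeed if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if certificate $1 verifies against CA certificate $2.
issued_by_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks; return 0 on success, 1/2/3 for the check that failed.
check_server_pair() {
    min_days=${4:-30}
    cert_valid_for "$1" "$min_days" ||
        { echo "FAIL: $1 expires within $min_days days" >&2; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 is not the key for $1" >&2; return 2; }
    issued_by_ca "$1" "$3" ||
        { echo "FAIL: $1 was not issued by $3" >&2; return 3; }
    echo "OK: $1 matches $2, chains to $3, valid for $min_days+ days"
}

# Constructed sample input: throwaway self-signed pair $1/$2.crt and $1/$2.key
# valid for $3 days, for trying the checks without touching the real PKI.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

if [ "$#" -ge 3 ]; then check_server_pair "$@"; fi
```

A non-zero exit status identifies which check failed, so the script can gate the copy and restart steps.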
server certificate expired how to fix step by step
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Feb 22, 2024 4:03 pm
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: server certificate expired how to fix step by step
Which version of Easy-RSA are you using?
Modern Easy-RSA can renew a certificate.
Also, your how-to is technically incorrect and bad practice.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Aug 23, 2024 9:49 pm
Re: server certificate expired how to fix step by step
I cannot figure out how to make a new topic, but anyway I am really struggling with setting up an OpenVPN connection to Araknis. First I get this error message: "No server certificate verification method has been enabled." I put something in the config file I read to get around that, then I was having a TLS negotiation/handoff issue. If anyone could help me through this it would be greatly appreciated.