Hello guys,
I have a client that contacts me requesting that if I know some trick to allow the connection between the client and the server with certificates expired yesterday. He only has access to the server, clients are unreachable. In my opinion this is impossible, does someone know a method to do this magic?
Thanks!
Client and server certificates expired
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat May 21, 2011 11:14 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Client and server certificates expired
If the CA.crt has expired along with your server.crt and client.crt then it probably is impossible to use your PKI any longer.
If only the client.crt has expired then you may be able to use --client-cert-not-required or --verify-client-cert. They are both documented in the manual.
If only the client.crt has expired then you may be able to use --client-cert-not-required or --verify-client-cert. They are both documented in the manual.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat May 21, 2011 11:14 am
Re: Client and server certificates expired
Thanks for the reply, unfortunately --client-cert-not-required disables the use of client certificates and forces username/password authentication only, but the clients are configured to use only certificate without username/password authentication. Some workaround for this?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Client and server certificates expired
Why not issue a new certificate to the client ? (You have not made it clear what has actually expired)
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat May 21, 2011 11:14 am
Re: Client and server certificates expired
The server and client certificates have expired, and the client device is 700km from any person, so he wants to find a method that avoids the replacement of the client certificate through physical access.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm