Client Certificate had expired
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 16, 2017 4:02 pm
Client Certificate had expired
Help. I can't connect to my Asus Merlin OpenVPN setup anymore. After looking at the log file on my client PC I can see this line:
VERIFY ERROR: depth=1, error=certificate has expired
I have 4 files in my OpenVPN config folder:
-ca.crt
-client1.crt
-client1.key
-client1.ovpn
When I use notepad to open those 4 files up the only thing I can see is that in the client1.crt it has this:
Not Before: Jul 3 16:05:05 2008 GMT
Not After : Jul 1 16:05:05 2018 GMT
I tried just changing the date on the "Not After to 2019" but that did not work.
I tried searching the forum but didn't see much on this. Anyone have any step by step instructions on how I can correct this?
I have about 10 clients connecting using this so if I can correct client1 then I can correct the rest.
Thanks.
Vinny
VERIFY ERROR: depth=1, error=certificate has expired
I have 4 files in my OpenVPN config folder:
-ca.crt
-client1.crt
-client1.key
-client1.ovpn
When I use notepad to open those 4 files up the only thing I can see is that in the client1.crt it has this:
Not Before: Jul 3 16:05:05 2008 GMT
Not After : Jul 1 16:05:05 2018 GMT
I tried just changing the date on the "Not After to 2019" but that did not work.
I tried searching the forum but didn't see much on this. Anyone have any step by step instructions on how I can correct this?
I have about 10 clients connecting using this so if I can correct client1 then I can correct the rest.
Thanks.
Vinny
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Client Certificate had expired
Good !
It is a cryptographically secured certificate and would not be much use if you could edit it with notepad ..
You need to generate a new certificate .. you may need to create an entirely new CA if your 10 years have expired.
If you have to create a new CA start here:
https://github.com/OpenVPN/easy-rsa/releases
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 16, 2017 4:02 pm
Re: Client Certificate had expired
LOL. Thanks. yeah, I didn't think it would do anything by changing that but then I thought it was worth a shot anyways.
I haven't worked on this since I guess 10 years ago si I'm very rusty on it but sounds like I may have to recreate everything from scratch. Do you know if I have the option to create user passwords for accounts? Meaning the client would have to enter a unique username/password in order to connect? Right now they just have to right click and connect then they're in.
I haven't worked on this since I guess 10 years ago si I'm very rusty on it but sounds like I may have to recreate everything from scratch. Do you know if I have the option to create user passwords for accounts? Meaning the client would have to enter a unique username/password in order to connect? Right now they just have to right click and connect then they're in.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Client Certificate had expired
OK .. you will probably want to start with the HOWTO: For OpenVPN Community Edition -- I have it open almost every day.
Sure
It's all in the howto, this is the section for you:
https://openvpn.net/index.php/open-sour ... .html#auth
Also, the new openvpn-GUI for Windows is more versatile than before.
(Included with Openvpn installers .. but not for WinXP )
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 16, 2017 4:02 pm
Re: Client Certificate had expired
Thanks a lot. I will look thru these. Happy 4th.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 16, 2017 4:02 pm
Re: Client Certificate had expired
TinCanTech, i was able to redo everything. I run an Asus RT-N66U with Merlin. I was able to connect to the office LAN just fine and can see the NAS device on the LAN. However, when I connected there was 1 line of with an error. I was able to correct the other errors like comp-lzo and cipher. But not sure how to correct this error below or whether it is anything to worry about:
Wed Jul 04 09:32:47 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Also, the password link you sent me above is a little confusing. Do you know of a link of a step by step setup? Basically I just want the clients to have to enter a username a password before the clientx.ovpn connects. This way if their laptop is stolen no one can just connect to the office LAN. And when the employee is no longer there I can just maybe change the password for that clientx.ovpn. Even better if when the clientx connects the first time it forces them to create a username and password of their choice.
Thanks.
Wed Jul 04 09:32:47 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Also, the password link you sent me above is a little confusing. Do you know of a link of a step by step setup? Basically I just want the clients to have to enter a username a password before the clientx.ovpn connects. This way if their laptop is stolen no one can just connect to the office LAN. And when the employee is no longer there I can just maybe change the password for that clientx.ovpn. Even better if when the clientx connects the first time it forces them to create a username and password of their choice.
Thanks.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Client Certificate had expired
See --auth-nocache in The Manual v24x
All depends on what the clients use to connect .. if it is Windows use the openvpn-GUI
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 16, 2017 4:02 pm
Re: Client Certificate had expired
They are using the Windows Openvpn GUI now but that just simply connect them right in. I'm looking to make it so that when they launch the GUI they have to enter a username and PW before it connects.