Certificate upgrades on Windows (7) due to obsolete MD5
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 13, 2018 1:48 pm
Certificate upgrades on Windows (7) due to obsolete MD5
Hello,
After updating to the latest version of OpenVPN server on our Windows 7 system it has ceased to work due to support for MD5 being dropped with this version (openvpn-install-2.4.6-I602.exe).
Unfortunately I can only find information about upgrading certificates on linux-type platforms and I fear the official how-to for Windows is out of date.
Before I delve in and do it wrong, does anyone know of a resource for Windows which deals with upgrading server and client certificates? Not sure how to proceed. Many thanks.
After updating to the latest version of OpenVPN server on our Windows 7 system it has ceased to work due to support for MD5 being dropped with this version (openvpn-install-2.4.6-I602.exe).
Unfortunately I can only find information about upgrading certificates on linux-type platforms and I fear the official how-to for Windows is out of date.
Before I delve in and do it wrong, does anyone know of a resource for Windows which deals with upgrading server and client certificates? Not sure how to proceed. Many thanks.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 13, 2018 1:48 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
Yes have just downloaded the latest easy-rsa. Now, because this is an existing installation I presume I need to move all my old keys, crt and pem files out of there before I start with easy-rsa, would that be right?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
Always make a backup ..
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 13, 2018 1:48 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
Indeed, but if I'm not mistaken, the old key, pem and crt files could cause confusion and/or problems if I leave them in there. I'll take them out...
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
You will have to create a completely new PKI so make sure your old one is not in your way.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 13, 2018 1:48 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
So I install easy-rsa but it can't find the PATH to ssl. I add the path to the Windows environment variables but it still can't find the commands. What gives? I see some others have gone ahead and re-installed Open SSL. What do you recommend?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
See vars.example
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 13, 2018 1:48 pm
Re: Certificate upgrades on Windows (7) due to obsolete MD5
Ok, that was helpful, thank you.
For others having difficulty, also helpful was this tutorial, although I didn't encrust the certificates in the server.config like he did:
https://www.alanbonnici.com/2018/01/how ... lient.html
For others having difficulty, also helpful was this tutorial, although I didn't encrust the certificates in the server.config like he did:
https://www.alanbonnici.com/2018/01/how ... lient.html