server certificate expired
Posted: Mon Aug 24, 2015 8:22 am
by sancelot
Hi,
10 years reached, my server root CA and server.crt files have expired.
How to solve it? Is it possible without modifying the client setup?
Regards,
S.Ancelot
Re: server certificate expired
Posted: Mon Aug 24, 2015 9:49 am
by maikcat
Re: server certificate expired
Posted: Mon Aug 24, 2015 10:00 am
by sancelot
Thanks, I finally solved it differently :
build-key-server new_serv
cp new_serv.crt /etc/openvpn/server.crt
cp new_serv.key /etc/openvpn/server.key
Re: server certificate expired
Posted: Mon Aug 24, 2015 2:26 pm
by sancelot
I managed to run it again, using:
build-key-server new_serv
and copying new_serv.key and new_serv.crt to the OpenVPN server.
However, regarding clients, there are ca.crt AND client.crt files.
What are the conditions for the client to permit the connection?
Is there a priority over ca.crt or client.crt... I am a bit confused...
Re: server certificate expired
Posted: Tue Aug 25, 2015 8:21 am
by maikcat
i provided the link based on this:
> 10 years reached, my server root ca has expired
if your CA is expired then EVERY cert is bad...
> However, regarding clients, there are ca.crt AND client.crt files.
> What are the conditions for the client to permit the connection?
are you aware how TLS/SSL works?
also keep in mind that your client's crt is checked against the server's ca.crt and vice versa.
Michael.
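The check described in the reply above (a certificate is verified against ca.crt, and an expired CA invalidates every certificate it signed), as an added example that is not part of the original thread: a shell function built on the openssl CLI. The function name `check_pki`, its return codes and the 30-day default window are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Uses only the openssl CLI.
# check_pki CA_FILE CERT_FILE [WINDOW_SECONDS]
# Return codes (chosen for this example):
#   0  both valid beyond the window and CERT_FILE chains to CA_FILE
#   1  CA expired or expiring within the window: every cert it signed fails
#   2  only the certificate is expired or expiring: reissue that one cert
#   3  certificate was not signed by this CA
#   4  a file is missing or is not a PEM certificate
check_pki() {
    ca=$1; cert=$2; window=${3:-2592000}    # default look-ahead: 30 days

    for f in "$ca" "$cert"; do
        openssl x509 -in "$f" -noout 2>/dev/null || {
            echo "ERROR: $f is not a readable PEM certificate" >&2
            return 4
        }
    done

    echo "CA:   $(openssl x509 -in "$ca" -noout -enddate)"
    echo "cert: $(openssl x509 -in "$cert" -noout -enddate)"

    # The CA comes first: once it expires, the peer rejects the whole chain,
    # so a fresh server.crt signed by the same CA does not help.
    if ! openssl x509 -in "$ca" -noout -checkend "$window" >/dev/null; then
        echo "FAIL: CA expires within ${window}s; a new CA must reach every peer"
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null; then
        echo "FAIL: certificate expires within ${window}s; reissue it from the CA"
        return 2
    fi
    # Same check each peer performs: does the certificate chain to ca.crt?
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is not signed by $ca"
        return 3
    fi
    echo "OK: $cert chains to $ca and both outlive the window"
}

# Usage: sh check_pki.sh /etc/openvpn/ca.crt /etc/openvpn/server.crt
# (the ca.crt location is an assumption; server.crt is the path from the thread)
if [ "$#" -ge 2 ]; then
    check_pki "$@"
fi
```

Run it against each client.crt as well; a return code of 1 is the case where clients cannot stay untouched, because they hold a copy of the expiring ca.crt.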
Re: server certificate expired
Posted: Tue Aug 25, 2015 8:44 am
by sancelot
Yes, I know. In this case, a good setup would set ca.crt valid for e.g. 50 years, to sign user certificates.
And user certificates can be valid from 1 day to e.g. 3 or ten years, isn't it?
Regards,
Steph
Re: server certificate expired
Posted: Tue Aug 25, 2015 10:59 am
by maikcat
> to sign user certificates.
> And user certificates can be valid from 1 day to e.g. 3 or ten years, isn't it?
yeap
Michael.