Client certificates not valid until five hours later.

Posted: Thu Jul 28, 2016 4:02 pm
by MCComputerServices
I'm taking over from a previous administrator and have recently had to upgrade some operating system stuff as the old stuff was...really old. The problem is that I don't have any experience with OpenVPN and I believe I broke our implementation during the upgrade process. The problem that I'm having is that certificates are being generated with a "Not Before" date for several hours into the future. The certificate chain works fine and all the signing is functioning properly, but anyone who has to generate a new certificate can't use it the same day.

Where would the most common places be to configure something like this? I don't believe we have any custom configuration of openssl getting in the way, and diving into all the easy-rsa configurations I couldn't find any specification for setting a validity date in the future. I'm sure the problem is just a lack of documentation on our end, but I don't know where to start. Anyone have any ideas?

I would say that just starting over from scratch would probably be easier and would make me become familiar with how OpenVPN works, but as always, the business schedule won't permit it. This has to be back up and running as quickly as possible.

Our server is using easy-rsa 2.0 and the openvpn service is 2.3.6.

Thanks,
Mike

Re: Client certificates not valid until five hours later.

Posted: Thu Jul 28, 2016 5:40 pm
by TinCanTech
MCComputerServices wrote: Where would the most common places be to configure something like this
Your computer clock.

Re: Client certificates not valid until five hours later.

Posted: Fri Jul 29, 2016 2:16 pm
by MCComputerServices
Clock settings are correct for both server and client. That was something that caught me before, but I made sure to check it this time.

Re: Client certificates not valid until five hours later.

Posted: Fri Jul 29, 2016 2:33 pm
by TinCanTech
Check Timezone.

Re: Client certificates not valid until five hours later.

Posted: Fri Aug 12, 2016 11:19 am
by TiTex
That depends on how your setup is configured. If it's a custom script that generates the certificates, then you need to check which files are sourced by that script or what variables are inside the script.
If you are using easy-rsa, there is a file named vars in which the variables are stored.
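
Added example, not part of the thread and not written by any of the posters: a small Python check that measures the symptom discussed above by comparing a certificate's "Not Before" value (as printed by `openssl x509 -noout -startdate -in <cert>`) with the real UTC time of signing, and tells a whole- or half-hour offset, the pattern a timezone or UTC/local-time mismatch produces, apart from ordinary clock drift. The function names, the two-minute tolerance and the sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

HALF_HOUR = timedelta(minutes=30)

def parse_not_before(line):
    """Parse a line such as 'notBefore=Jul 28 21:02:10 2016 GMT'.

    This is the form printed by `openssl x509 -noout -startdate`;
    certificate validity times are always expressed in UTC (GMT).
    """
    value = line.strip().split("=", 1)[1]
    # Whitespace in the format matches runs of spaces, so the padded
    # single-digit day OpenSSL prints ('Aug  3') parses as well.
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def classify_skew(not_before_line, signed_at_utc, tolerance=timedelta(minutes=2)):
    """Return (skew, verdict) for one freshly signed certificate.

    skew    = notBefore minus the true UTC signing time (positive = future)
    verdict = 'ok'              within tolerance
              'timezone-offset' skew is close to a whole or half hour,
                                as most UTC offsets are
              'clock-drift'     any other skew
    """
    skew = parse_not_before(not_before_line) - signed_at_utc
    if abs(skew) <= tolerance:
        return skew, "ok"
    half_hours = round(skew / HALF_HOUR)
    if half_hours != 0 and abs(skew - half_hours * HALF_HOUR) <= tolerance:
        return skew, "timezone-offset"
    return skew, "clock-drift"

if __name__ == "__main__":
    # Constructed sample data: the true signing time and three notBefore lines.
    signed_at = datetime(2016, 7, 28, 16, 2, 0, tzinfo=timezone.utc)
    samples = [
        "notBefore=Jul 28 16:02:05 2016 GMT",  # healthy
        "notBefore=Jul 28 21:02:10 2016 GMT",  # about five hours ahead
        "notBefore=Jul 28 16:19:40 2016 GMT",  # drifting clock
    ]
    for line in samples:
        skew, verdict = classify_skew(line, signed_at)
        print(f"{line}  skew={skew}  verdict={verdict}")
```

Take `signed_at_utc` from a trusted time source rather than from the signing host's own clock, since that clock is the thing being tested.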