Do I have to generate new ca & server certs?
Posted: Wed Aug 24, 2016 2:08 pm
Good morning,
After getting my VPN working and testing on a Kali client, I moved on to my next task: getting OpenVPN working on my Yealink VoIP phone. I spent days on this, but couldn't get it working. I'd see multiple server log entries indicating a TLS mismatch.
Yesterday I finally found a post indicating the problem is that my phone only supports SHA1, whereas my VPN certificates are signed with SHA256. I don't remember seeing this option when I generated the CA, Client & Server certificates. I guess the best solution is to get a new phone that supports SHA256 & higher. But in the meantime I have a few questions.
- Can I generate new certificates using SHA1?
- How do I specify which signing algorithm I use (SHA1 or SHA256)?
- If I did this, would I need to rebuild certificates for my existing VPN clients? Or is it possible to generate a CA only for the phone, but continue to use existing certificates for existing clients?
I'm still really green in this area; would really appreciate if anybody can point me to documentation that clearly defines the different certificates, scope, and how they are implemented in OpenVPN.
Thank you!
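The diagnosis in the post (certificates signed with SHA256, a phone limited to SHA1) can be confirmed by reading the signature algorithm from each certificate file. The following is an added example, not part of the original post: a standard-library Python reader for the X.509 `signatureAlgorithm` field that accepts PEM or DER. The sample bytes and the file names `ca.crt` and `phone.crt` are constructed skeletons, not real certificates.

```python
import base64

# Signature-algorithm OIDs relevant to the SHA1-vs-SHA256 question
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
PEM_BEGIN, PEM_END = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)      # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert):
    """Name (or dotted OID) of the algorithm the issuer signed cert with."""
    if PEM_BEGIN in cert:                  # tolerate text before the PEM block
        cert = base64.b64decode(cert.split(PEM_BEGIN)[1].split(PEM_END)[0])
    _, start, _ = read_tlv(cert, 0)             # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)       # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if tag != 0x06:
        raise ValueError("not an X.509 certificate")
    oid = decode_oid(cert[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)

def skeleton(last_oid_byte):
    # Constructed sample: dummy tbsCertificate and empty signature, not a real cert
    alg = bytes.fromhex("300d06092a864886f70d0101") + bytes([last_oid_byte]) + bytes.fromhex("0500")
    return bytes.fromhex("3018" "3003020100") + alg + bytes.fromhex("03020000")

SAMPLES = {"ca.crt": skeleton(0x0B), "phone.crt": skeleton(0x05)}  # constructed names

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(name, signature_algorithm(der))
```

For a real file, pass its raw bytes, for example `signature_algorithm(open(path, "rb").read())`, once for the CA, server and client certificates.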