my CA cert is expired and no access to clients
Posted: Tue Jan 28, 2020 12:01 pm
Hi,
I have a quite old version of openvpn (1.x) running on a centos 7 machine.
I am using the openvpn extension on webmin to manage the server/certs, and this extension only supports md5 certs (I know, work in progress to update the extension).
I understand that I must create a new CA based on the old CA using openssl option -signkey ca.key..
I also understand that I must send the new CA on all the clients and devices connecting to my server... this is now impossible to reach them since the CA cert is expired...
Question: Do I have to update all the certs of all the clients and the server ? Because, when I update the CA with the recipe given here : https://buger.dread.cz/openvpn-expired- ... cates.html they say the new ca.crt must be uploaded to all clients.
Is there any solution ?
Am I missing something?
Thank you a lot
I have a quite old version of openvpn (1.x) running on a centos 7 machine.
I am using the openvpn extension on webmin to manage the server/certs, and this extension only supports md5 certs (I know, work in progress to update the extension).
I understand that I must create a new CA based on the old CA using openssl option -signkey ca.key..
I also understand that I must send the new CA on all the clients and devices connecting to my server... this is now impossible to reach them since the CA cert is expired...
Question: Do I have to update all the certs of all the clients and the server ? Because, when I update the CA with the recipe given here : https://buger.dread.cz/openvpn-expired- ... cates.html they say the new ca.crt must be uploaded to all clients.
Is there any solution ?
Am I missing something?
Thank you a lot
May as well use GRE ..