Openvpn detecting Client certificate expiry
Posted: Tue May 18, 2021 12:35 pm
Hi,
We are using openvpn 2.4.9 version in our control plane and data plane in userspace. We use x509 certificates at both client and server. I have a query regarding certificate expiry: Here is the scenario
1. Clients connect to server with valid certificate and connection comes up
2. But the Client cert is about to expire in next 1 hour.
So is there any option that can enable openvpn server to detect this cert expiry and disconnect the client?
Is there any error code that is sent to client to say that the certificate has expired?
In the experiments done with openvpn version we have, we did not see the server disconnecting at all.
We are using openvpn 2.4.9 version in our control plane and data plane in userspace. We use x509 certificates at both client and server. I have a query regarding certificate expiry: Here is the scenario
1. Clients connect to server with valid certificate and connection comes up
2. But the Client cert is about to expire in next 1 hour.
So is there any option that can enable openvpn server to detect this cert expiry and disconnect the client?
Is there any error code that is sent to client to say that the certificate has expired?
In the experiments done with openvpn version we have, we did not see the server disconnecting at all.