
OpenVPN Cert error within Ubuntu

Posted: Thu Sep 08, 2022 12:39 am
by redcarpet
Hi there,

We have recently come across OVPN connection errors with our clients. This is set up within an Ubuntu instance via AWS. Upon looking at the logs, we came across certificate expired errors. While troubleshooting this, we tried renewing the cert with these commands:

sudo openssl genrsa -out serverNew.key 2048
sudo openssl req -new -key serverNew.key -out serverNew.csr
sudo openssl x509 -req -in serverNew.csr -CA caNew.crt -CAkey caOld.key -CAcreateserial -out serverNew.crt -days 500 -sha256

After restarting services, we got a new error about client certificate errors. We then tried renewing that cert and upon restarting services, we got authentication errors. Below is the log regarding the initial errors before renewing the server cert.
Any help, including exact commands on getting this to work without having to spin up another instance would be greatly appreciated.

The Ubuntu instance has been updated. We have always been using the openvpn 2.4.6 version.

Thanks,

Brian



Log:

Wed Sep 07 19:32:27 2022 VERIFY ERROR: depth=0, error=certificate has expired: CN=server_A0pWrJnmmHKiSCby
Wed Sep 07 19:32:27 2022 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Sep 07 19:32:27 2022 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep 07 19:32:27 2022 TLS Error: TLS object -> incoming plaintext read error
Wed Sep 07 19:32:27 2022 TLS Error: TLS handshake failed
Wed Sep 07 19:32:27 2022 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 07 19:32:27 2022 MANAGEMENT: >STATE:1662597147,RECONNECTING,tls-error,,,,,
Wed Sep 07 19:32:27 2022 Restart pause, 300 second(s)

Re: OpenVPN Cert error within Ubuntu

Posted: Sun Sep 11, 2022 10:29 pm
by ordex
Hi,

This part is not clear to me: "-CA caNew.crt -CAkey caOld.key". One is New and one is Old? Does it mean you also renewed the CA?
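
The reply's question comes down to whether the -CA certificate and the -CAkey key belong together, and whether peers still trust the CA that signed the new server certificate. As an added example (not part of either post), this script runs three openssl checks on constructed files; the function names, file names and CNs are assumptions made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example. All file names and CNs are constructed; none come from the thread.

# 0 if CERT and KEY hold the same public key (a usable -CA/-CAkey or cert/key pair).
pair_matches() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# 0 if CERT has not passed its notAfter date.
not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# 0 if CERT verifies against CAFILE, the file a peer names in its "ca" directive.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Build constructed test material in DIR: two unrelated CAs (caOld, caNew)
# and a server certificate signed by caOld.
make_fixture() {
    local d=$1 n
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' 'CN=unused' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/min.cnf"
    for n in caOld caNew; do
        openssl req -x509 -newkey rsa:2048 -nodes -config "$d/min.cnf" \
            -subj "/CN=constructed-$n" -days 1 \
            -keyout "$d/$n.key" -out "$d/$n.crt" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/min.cnf" \
        -subj "/CN=constructed-server" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/caOld.crt" -CAkey "$d/caOld.key" \
        -CAcreateserial -out "$d/server.crt" -days 1 -sha256 2>/dev/null
}

# Demo run on the constructed material.
d=$(mktemp -d) && make_fixture "$d" && {
    pair_matches "$d/caNew.crt" "$d/caOld.key" || echo "caNew.crt / caOld.key: not a pair"
    pair_matches "$d/server.crt" "$d/server.key" && echo "server.crt / server.key: pair"
    not_expired "$d/server.crt" && echo "server.crt: within validity"
    chains_to "$d/caOld.crt" "$d/server.crt" && echo "server.crt verifies against caOld.crt"
    chains_to "$d/caNew.crt" "$d/server.crt" || echo "server.crt does NOT verify against caNew.crt"
}
```

The same three functions can be pointed at the CA file, certificate and key named in the server and client OpenVPN configs.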