Some clients cannot connect after server certificate change
Posted: Fri Oct 28, 2022 8:19 am
Hi all!
Today my openvpn server certificate expired. Only the certificate expired, the CA not!
I have generated a new certificate using EasyRSA, changed cert and key parameters in the file and my clients started to come back up (these are Mikrotik routers).
However my Linux openvpn clients (using openvpn in client mode) and also Windows openvpn client's can't connect anymore.
The error is:
The CN named marinero-server is the new server certificate generated by me.
Why they can't connect if only the server certificate changed which is from the same CA and also other clients can connect without a problem?
Thanks for your help!
Today my openvpn server certificate expired. Only the certificate expired, the CA not!
I have generated a new certificate using EasyRSA, changed cert and key parameters in the
Code: Select all
server.confHowever my Linux openvpn clients (using openvpn in client mode) and also Windows openvpn client's can't connect anymore.
The error is:
Code: Select all
Fri Oct 28 10:18:29 2022 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=marinero-server
Fri Oct 28 10:18:29 2022 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Oct 28 10:18:29 2022 TLS_ERROR: BIO read tls_read_plaintext error
Fri Oct 28 10:18:29 2022 TLS Error: TLS object -> incoming plaintext read error
Fri Oct 28 10:18:29 2022 TLS Error: TLS handshake failed
Fri Oct 28 10:18:29 2022 Fatal TLS error (check_tls_errors_co), restarting
Why they can't connect if only the server certificate changed which is from the same CA and also other clients can connect without a problem?
Thanks for your help!