Hi
I created last month a test vpn server and today it stopped working.
This is what I read in clients log:
Mon Sep 14 17:45:17 2020 VERIFY ERROR: depth=1, error=self signed
certificate in certificate chain: C=FR, ST=75, L=Paris, O=CAOBA,
OU=CAOBA, CN=caoba.fr, emailAddress=supp...@caoba.fr
On the server, I ran this commands:
openssl x509 -text -noout -in ca.crt | grep After
Not After : Sep 14 05:33:42 2020 GMT
openssl x509 -text -noout -in server.crt | grep After
Not After : Aug 13 05:33:42 2030 GMT
openssl x509 -text -noout -in cassiopeia.crt | grep After
Not After : Aug 13 05:35:09 2030 GMT
openssl x509 -text -noout -in santiago.crt | grep After
Not After : Aug 13 05:50:02 2030 GMT
So I don't really remember how much I played around with the
KEY_EXPIRE variable but my ca was valid for 30 days but all other
certificates were valid for 10 years.
What I did today is that I made a new ca certificate using the same old key:
openssl x509 -in ca.crt -days 3650 -out ca.crt.new -signkey ca.key
mv -i ca.crt ca.crt.20200914
mv -i ca.crt.new ca.crt
/etc/init.d/openvpn restart
I exported the new ca certificate into the configuration of the
clients (cassiopeia and santiago), restarted the service but the
client log still says:
Tue Sep 14 19:07:26 2020 VERIFY ERROR: depth=1, error=self signed
certificate in certificate chain: C=FR, ST=75, L=Paris, O=CAOBA,
OU=CAOBA, CN=caoba.fr, emailAddress=supp...@caoba.fr
Am I missing something?
Best regards
Santiago
CAOBA
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
