My bad. It's working now. Sorry about that On Tue, Sep 15, 2020 at 12:11 PM Santiago DIEZ <santi...@caoba.fr> wrote: > > Hi > > I created last month a test vpn server and today it stopped working. > This is what I read in clients log: > Mon Sep 14 17:45:17 2020 VERIFY ERROR: depth=1, error=self signed > certificate in certificate chain: C=FR, ST=75, L=Paris, O=CAOBA, > OU=CAOBA, CN=caoba.fr, emailAddress=supp...@caoba.fr > > On the server, I ran this commands: > openssl x509 -text -noout -in ca.crt | grep After > Not After : Sep 14 05:33:42 2020 GMT > openssl x509 -text -noout -in server.crt | grep After > Not After : Aug 13 05:33:42 2030 GMT > openssl x509 -text -noout -in cassiopeia.crt | grep After > Not After : Aug 13 05:35:09 2030 GMT > openssl x509 -text -noout -in santiago.crt | grep After > Not After : Aug 13 05:50:02 2030 GMT > > So I don't really remember how much I played around with the > KEY_EXPIRE variable but my ca was valid for 30 days but all other > certificates were valid for 10 years. > > What I did today is that I made a new ca certificate using the same old key: > openssl x509 -in ca.crt -days 3650 -out ca.crt.new -signkey ca.key > mv -i ca.crt ca.crt.20200914 > mv -i ca.crt.new ca.crt > /etc/init.d/openvpn restart > > I exported the new ca certificate into the configuration of the > clients (cassiopeia and santiago), restarted the service but the > client log still says: > Tue Sep 14 19:07:26 2020 VERIFY ERROR: depth=1, error=self signed > certificate in certificate chain: C=FR, ST=75, L=Paris, O=CAOBA, > OU=CAOBA, CN=caoba.fr, emailAddress=supp...@caoba.fr > > Am I missing something? > Best regards > Santiago > CAOBA
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
