linux vpn openvpn Server certificates
In case that CA certificate (lets name it ca.crt) gets expired, clients can't connect to the OpenVPN server anymore. You need to generate new CA certificate signed with the same key (usually named ca.key) as the old one to avoid the need to regenerate all client certificates also.
Use following command to do so:
openssl x509 -in ca.crt -days 36500 -out ca.crt.new -signkey ca.key
36500days = 100years = validity of the new ca.crt
rename ca.crt to ca.crt.old
rename ca.crt.new to ca.crt
restart / reload OpenVPN
distribute new ca.crt to all clients
check server certificate - it usually expires also, because both are generated during OpenVPN installation and usually have the same validity
In case that server certificate gets expired, simply generate new one using easy-rsa scripts:
reload / restart OpenVPN after that
When client certificate gets expired, you can generate new one using previous .csr file this way:
send the new .crt file to the client
client's .key file is not changed => same password, we don't need to know it to generate new .crt
Like my blog? What about to buy me a beer?
Bitcoin address: 1LzmUcwHK5Ys4zGPRoxYodjzpJsWiG61JY
Please Donate To Bitcoin Address:
[[value]] BTC Received. Thank You.
Pelican. Theme blueidea, inspired by the default theme.