Greetings, A friendly heads-up, the AstLinux web interface generates OpenVPN (and IPSec) certificates with a expire date of 10 years in the future. Seems like a really long time...
Well today I hit an OpenVPN failure due to an expired certificate ... thank goodness I also had WireGuard access ! BTW, a CLI command to check your OpenVPN valid dates is: -- openssl x509 -startdate -enddate -noout -in /mnt/kd/openvpn/webinterface/keys/ca.crt -- This was not all bad, since if your cert is 10 years old then recreating them with 2048 bits and SHA-256 is a good thing anyway. I also enabled "Extra TLS-Auth:" while I was at it. Also a good time to consider switching to WireGuard :-) Lonnie _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
