After 10 years this happened to us, fortunately on a small VPN. In rushing to
get service restored, I used easy-rsa's build-ca, big mistake - had to
recreate all client certificates. After some research I found that "openssl
x509 -in /etc/openvpn/easy-rsa/keys/ca.crt -days 3650 -out ca-v2.crt -signkey
/etc/openvpn/easy-rsa/keys/ca.key" seems to work. I also used build-key-server
because the server's certificate had also expired and that seems to work as
well. When the new CA certificate and server certificate/key pair were
configured in the conf file and OpenVPN was restarted, existing clients with
unexpired certificate/key pairs were able to connect and function.
My question is "Is this the correct/best way to handle the situation?" If not,
what is?
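
The renewal described in the message above, replayed on a throwaway PKI (an added example, not part of the original post): it re-signs a CA certificate with the same key and confirms that a client certificate issued earlier still chains to the new CA. The names LabCA and client1, the 1-day CA lifetime, the temp directory and the `-attime` check are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: "LabCA" and "client1" are made-up names and everything
# lives in a temp dir; nothing here touches /etc/openvpn.

make_lab_pki() {   # $1 = empty working directory
    cd "$1" || return 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = LabCA
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
    # CA valid for 1 day only, standing in for the CA that ran out
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout ca.key -out ca.crt -days 1 2>/dev/null || return 1
    # Client certificate issued by that CA, valid for a year
    openssl req -new -config ca.cnf -subj "/CN=client1" -newkey rsa:2048 \
        -nodes -keyout client.key -out client.csr 2>/dev/null || return 1
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 365 -out client.crt 2>/dev/null
}

renew_ca() {       # the command from the post, applied to the lab files
    openssl x509 -in ca.crt -days 3650 -out ca-v2.crt -signkey ca.key 2>/dev/null
}

pubkey_hash() {    # fingerprint of the public key inside certificate $1
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256
}

verify_at() {      # does client.crt chain to CA file $1 at epoch time $2?
    openssl verify -attime "$2" -CAfile "$1" client.crt >/dev/null 2>&1
}

work=$(mktemp -d) && make_lab_pki "$work" && renew_ca
later=$(( $(date +%s) + 2 * 86400 ))   # two days from now: the 1-day CA has expired
verify_at ca.crt "$later"    || echo "old ca.crt:    client1 rejected"
verify_at ca-v2.crt "$later" && echo "new ca-v2.crt: client1 accepted"
[ "$(pubkey_hash ca.crt)" = "$(pubkey_hash ca-v2.crt)" ] && echo "CA public key unchanged"
```

Client certificates carry the CA's signature over their own contents, so they keep validating as long as the CA key and subject stay the same; generating a new CA key, as build-ca does, is what invalidates them.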