Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 9.x Contribs
  4. Topic: Openvpn root certificate expired
« previous next »
Pages: [1]   Go Down

Openvpn root certificate expired

  • 8 Replies
  • 4443 Views

Offline smnirosh

  • ****
  • 329
  • +0/-0
  • Learning never ends
Openvpn root certificate expired
« on: October 06, 2016, 10:04:06 AM »
when our clients try to connect to server today, they received a message
hu Oct 06 10:00:02 2016 UDPv4 link local: [undef]
Thu Oct 06 10:00:02 2016 UDPv4 link remote: [AF_INET]remoteip:1194
Thu Oct 06 10:00:02 2016 VERIFY ERROR: depth=0, error=certificate has expired: C=IT, ST=Toscano, L=Pisa, O=Mechgroup, O=21232f297a57a5a743894a0e4a801fc3, OU=Design, CN=Openvpnmech, emailAddress=smnirosh@mechdesign.it
Thu Oct 06 10:00:02 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Oct 06 10:00:02 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Oct 06 10:00:02 2016 TLS Error: TLS handshake failed
Thu Oct 06 10:00:02 2016 SIGUSR1[soft,tls-error] received, process restarting

I found in the manage certification section the root certification is expired. I renew the certificate by clicking * icon on the same row. But the error is still the same.

what can I do now?
Logged

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Openvpn root certificate expired
« Reply #1 on: October 06, 2016, 10:15:11 AM »
Your root certificate has expired, or your server certificate ?
Logged
C'est la fin du monde !!! :lol:

Offline smnirosh

  • ****
  • 329
  • +0/-0
  • Learning never ends
Re: Openvpn root certificate expired
« Reply #2 on: October 06, 2016, 10:24:13 AM »
Server certificate. sorry for the incovenience.
Logged

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Openvpn root certificate expired
« Reply #3 on: October 06, 2016, 10:25:35 AM »
So, you need to renew it from the PHPki interface (already done), then you have to get it, and replace the cert and private key in the OpenVPN-Bridge panel with the new one
Logged
C'est la fin du monde !!! :lol:

Offline smnirosh

  • ****
  • 329
  • +0/-0
  • Learning never ends
Re: Openvpn root certificate expired
« Reply #4 on: October 06, 2016, 10:27:20 AM »
is it "Display the Root Certificate (PEM Encoded)" from certificate manager windoww
Logged

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Openvpn root certificate expired
« Reply #5 on: October 06, 2016, 10:28:48 AM »
No, once you have renewed the server certificate, go in manage certificate -> download (the one corresponding to the server-certificate) and download the crt (PEM) and the private key (PEM too). Then past the content of those files in the OpenVPN Bridge panel, just like the first time you have configured it
Logged
C'est la fin du monde !!! :lol:

Offline smnirosh

  • ****
  • 329
  • +0/-0
  • Learning never ends
Re: Openvpn root certificate expired
« Reply #6 on: October 06, 2016, 10:33:32 AM »
Ok thanks i replaced and gave a save to that dialog boxex. now what to do?
Logged

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Openvpn root certificate expired
« Reply #7 on: October 06, 2016, 10:35:47 AM »
Now your client should be able to connect again, as the certificate being used is not expired anymore
Logged
C'est la fin du monde !!! :lol:

Offline smnirosh

  • ****
  • 329
  • +0/-0
  • Learning never ends
Re: Openvpn root certificate expired
« Reply #8 on: October 06, 2016, 10:40:32 AM »
Ok. Daniel it works.
thaaaaaaaaaaaaaannnnnnnnnnnnnnnkkkkkkkkkkkkkkkkksssssssssssss very much  for the QUICK support.
(thats why i deal with you CONTRIB)
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 9.x Contribs
  4. Topic: Openvpn root certificate expired