Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: smnirosh on October 06, 2016, 10:04:06 AM

Title: Openvpn root certificate expired
Post by: smnirosh on October 06, 2016, 10:04:06 AM

when our clients try to connect to server today, they received a message
hu Oct 06 10:00:02 2016 UDPv4 link local: [undef]
Thu Oct 06 10:00:02 2016 UDPv4 link remote: [AF_INET]remoteip:1194
Thu Oct 06 10:00:02 2016 VERIFY ERROR: depth=0, error=certificate has expired: C=IT, ST=Toscano, L=Pisa, O=Mechgroup, O=21232f297a57a5a743894a0e4a801fc3, OU=Design, CN=Openvpnmech, emailAddress=smnirosh@mechdesign.it
Thu Oct 06 10:00:02 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Oct 06 10:00:02 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Oct 06 10:00:02 2016 TLS Error: TLS handshake failed
Thu Oct 06 10:00:02 2016 SIGUSR1[soft,tls-error] received, process restarting

I found in the manage certification section the root certification is expired. I renew the certificate by clicking * icon on the same row. But the error is still the same.

what can I do now?

Title: Re: Openvpn root certificate expired
Post by: Daniel B. on October 06, 2016, 10:15:11 AM

Your root certificate has expired, or your server certificate ?

Title: Re: Openvpn root certificate expired
Post by: smnirosh on October 06, 2016, 10:24:13 AM

Server certificate. sorry for the incovenience.

Title: Re: Openvpn root certificate expired
Post by: Daniel B. on October 06, 2016, 10:25:35 AM

So, you need to renew it from the PHPki interface (already done), then you have to get it, and replace the cert and private key in the OpenVPN-Bridge panel with the new one

Title: Re: Openvpn root certificate expired
Post by: smnirosh on October 06, 2016, 10:27:20 AM

is it "Display the Root Certificate (PEM Encoded)" from certificate manager windoww

Title: Re: Openvpn root certificate expired
Post by: Daniel B. on October 06, 2016, 10:28:48 AM

No, once you have renewed the server certificate, go in manage certificate -> download (the one corresponding to the server-certificate) and download the crt (PEM) and the private key (PEM too). Then past the content of those files in the OpenVPN Bridge panel, just like the first time you have configured it

Title: Re: Openvpn root certificate expired
Post by: smnirosh on October 06, 2016, 10:33:32 AM

Ok thanks i replaced and gave a save to that dialog boxex. now what to do?

Title: Re: Openvpn root certificate expired
Post by: Daniel B. on October 06, 2016, 10:35:47 AM

Now your client should be able to connect again, as the certificate being used is not expired anymore

Title: Re: Openvpn root certificate expired
Post by: smnirosh on October 06, 2016, 10:40:32 AM

Ok. Daniel it works.
thaaaaaaaaaaaaaannnnnnnnnnnnnnnkkkkkkkkkkkkkkkkksssssssssssss very much  for the QUICK support.
(thats why i deal with you CONTRIB)