Author Topic: sudden peer certificate verification faillure (Read 2781 times)

kaneelschep · « **on:** August 31, 2023, 10:03:33 pm »

Hi all.

I have been using openvpn for quite some time now without problems. Since last Thursday though, i get this error on all clients.
Peer certificate verification failure.
Nothing changed on server. Maybe client got updated?
Was there some change in certification rules or so? Can it be expired?
Anyone have an idea?

Thanks!

franco · « **Reply #1 on:** September 01, 2023, 07:17:25 am »

> Can it be expired?

That would be my guess in lack of more information.

Cheers,
Franco

kaneelschep · « **Reply #2 on:** September 04, 2023, 12:53:48 pm »

I am sorry I dont have more info at the moment. I am on holiday. Thats the whole reason I was using the vpn

And does anyone happen to know the standard expiration date? I thought it was 10 years?

cookiemonster · « **Reply #3 on:** September 04, 2023, 12:59:21 pm »

It's whatever was set when created.
If I rememeber correctly 10 years is for CA, not for server/client certs.

CJ · « **Reply #4 on:** September 05, 2023, 03:00:53 pm »

Expiration date depends on how it was created. Also, there has been a push from various places to reduce the length of time certs are valid for but I'm not sure if that applies to VPNs.

cookiemonster · « **Reply #5 on:** September 05, 2023, 03:19:02 pm »

Not so much for CAs though, that I know of. This push indeed has been happening but is more for clients of webwservers.

kaneelschep · « **Reply #6 on:** September 10, 2023, 10:04:06 pm »

So I got home.
SSLVPN Server Certificate has indeed epired.
It was only valid for a year. User certificate is also almost expired.

I set it up myself, I guess a year ago, using a guide.
I am still learning about what I actually did and how it affects everything. I never did this before.

As I read, there is no simple renewal option. I just have to remake the certificate. And the user.
Is that right?

cookiemonster · « **Reply #7 on:** September 10, 2023, 10:45:30 pm »

technically speaking there is no option to renew a certificate, that is to extend the validity only. Not with openssl that I know of.
That said if you kept your original csr from last time you created it, you can reuse that csr to generate the new cert and then all its attributes are kept.
You don't need to recreate a user.

kaneelschep · « **Reply #8 on:** September 11, 2023, 02:45:59 pm »

Ah yes, I meant the user certificate. as it also expired. I use otp.

I made new certificates.. Not noticing the authority was also expired.

So I did everything twice. I guess I wont forget anymore now.

My VPN works like before again.
Thanks!

cookiemonster · « **Reply #9 on:** September 11, 2023, 02:53:24 pm »

Author Topic: sudden peer certificate verification faillure (Read 2781 times)

kaneelschep

sudden peer certificate verification faillure

franco

Re: sudden peer certificate verification faillure

kaneelschep

Re: sudden peer certificate verification faillure

cookiemonster

Re: sudden peer certificate verification faillure

CJ

Re: sudden peer certificate verification faillure

cookiemonster

Re: sudden peer certificate verification faillure

kaneelschep

Re: sudden peer certificate verification faillure

cookiemonster

Re: sudden peer certificate verification faillure

kaneelschep

Re: sudden peer certificate verification faillure

cookiemonster

Re: sudden peer certificate verification faillure