Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
renew of Certifikates
« previous
next »
Print
Pages: [
1
]
Author
Topic: renew of Certifikates (Read 4703 times)
Joergen
Newbie
Posts: 12
Karma: 1
renew of Certifikates
«
on:
March 02, 2018, 01:37:04 pm »
Hello there
I am quite new to opnsense - so bear with me.
I can see that the web GUI SSL certificate and some self-signed certificates soon is to expire.
I am taking about the certificates used for VPN access as explained in the documentation "SSL VPN Road Warrior".
Is there any easy way to renew those 3 certificates?
Best regards
Joergen
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: renew of Certifikates
«
Reply #1 on:
March 02, 2018, 03:24:50 pm »
The CA in the road warrior scenario doesn't need to sign the GUI certificate. You can replace the GUI certificate without any impact on your VPN server. A lot of people use the let's encrypt project for this.
If you are going to roll your own, then you may want to increase the lifetime of the new certificate to be more than the default 365 days to avoid having to do this once a year.
Bart...
Logged
Joergen
Newbie
Posts: 12
Karma: 1
Re: renew of Certifikates
«
Reply #2 on:
March 03, 2018, 11:13:53 am »
Thanks for the answer.
So there is no easy way to renew or extend the existing certificates or copy the settings from the old ones? – or do I have to make them from zero again?
That means I have to make new ones for the 3 certificates used for “SSL VPN ROAD WARRIOR”?
- Authorities
- CA OpenVPN server
- CA Open VPN User
Is that correct?
Kind regards
Joergen
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: renew of Certifikates
«
Reply #3 on:
March 03, 2018, 04:16:53 pm »
Is the root CA you set up for OpenVPN have a certificate that is about to expire? That is unusual; the certificate is normally set for a long time. Mine expires in 2036.
If the certificate at the top of your PKI expires, you will have to redo the whole lot.
Bart...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
renew of Certifikates