OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • renew of Certifikates
« previous next »
  • Print
Pages: [1]

Author Topic: renew of Certifikates  (Read 3007 times)

Joergen

  • Newbie
  • *
  • Posts: 11
  • Karma: 1
    • View Profile
renew of Certifikates
« on: March 02, 2018, 01:37:04 pm »
Hello there

I am quite new to opnsense - so bear with me.
I can see that the web GUI SSL certificate and some self-signed certificates soon is to expire.
I am taking about the certificates used for VPN access as explained in the documentation "SSL VPN Road Warrior".

Is there any easy way to renew those 3 certificates?

Best regards
Joergen
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1538
  • Karma: 166
    • View Profile
Re: renew of Certifikates
« Reply #1 on: March 02, 2018, 03:24:50 pm »
The CA in the road warrior scenario doesn't need to sign the GUI certificate. You can replace the GUI certificate without any impact on your VPN server. A lot of people use the let's encrypt project for this.

If you are going to roll your own, then you may want to increase the lifetime of the new certificate to be more than the default 365 days to avoid having to do this once a year.

Bart...
Logged

Joergen

  • Newbie
  • *
  • Posts: 11
  • Karma: 1
    • View Profile
Re: renew of Certifikates
« Reply #2 on: March 03, 2018, 11:13:53 am »
Thanks for the answer.

So there is no easy way to renew or extend the existing certificates or copy the settings from the old ones? – or do I have to make them from zero again?

That means I have to make new ones for the 3 certificates used for “SSL VPN ROAD WARRIOR”?
-   Authorities
-   CA OpenVPN server
-   CA Open VPN User
Is that correct?

Kind regards
Joergen
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1538
  • Karma: 166
    • View Profile
Re: renew of Certifikates
« Reply #3 on: March 03, 2018, 04:16:53 pm »
Is the root CA you set up for OpenVPN have a certificate that is about to expire? That is unusual; the certificate is normally set for a long time. Mine expires in 2036.

If the certificate at the top of your PKI expires, you will have to redo the whole lot.

Bart...
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • renew of Certifikates
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2