I have had the fun discovery of it appears that the "official" base certificates for OpenVPN seem to have expired today - including the ones that are referenced on this page of the wiki - https://wiki.amahi.org/index.php/VPN_Ubuntu . Is there a location for updated ones somewhere that I haven't been able to find on the wiki/amahi website? Here is what I see out of both certificates (on the server and from the vpn_ubuntu page):
Issuer: C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com/emailAddress=info@homehda.com
Validity
Not Before: Feb 26 08:39:38 2007 GMT
Not After : Feb 23 08:39:38 2017 GMT
Subject: C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com/email
Admittedly I am on an older amahi install so this might have been updated on the newer ones - I just don't like the idea of doing a full server rebuild since this is my internet gateway machine.
Any pointers/suggestions?
CLOSED: OpenVPN main cert has expired - are there updated ones available?
-
- Posts: 20
- Joined: Fri Jan 30, 2015 1:06 pm
Re: OpenVPN main cert has expired - are there updated ones available?
Working to get them updated. We will post a link once they are ready.
Using expired certificates shouldn't prevent you from access.
Using expired certificates shouldn't prevent you from access.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Re: OpenVPN main cert has expired - are there updated ones available?
Thanks for bringing this to our attention. It's been 10 years already?!
We will track this issue in bug #2210.
We will track this issue in bug #2210.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
-
- Posts: 3
- Joined: Wed Oct 26, 2016 2:55 pm
Re: OpenVPN main cert has expired - are there updated ones available?
Tunnelblick nor OpenVPN for iOS will let me connect with the expired certs
Re: OpenVPN main cert has expired - are there updated ones available?
Yes, I'm not sure how each client reacts to expired certs. Some may let you override expired certs (think of what browsers do), or, more likely, they may just refuse to connect (since VPN is typically more important than just browsing SSL).
We will need a few more hours to sort this out. Possibly a day.
We will need a few more hours to sort this out. Possibly a day.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
-
- Posts: 3
- Joined: Wed Oct 26, 2016 2:55 pm
Re: OpenVPN main cert has expired - are there updated ones available?
Is there a temporary workaround in the mean time.
Re: OpenVPN main cert has expired - are there updated ones available?
Not sure if there is anything that can be done.
Recommend you monitor the bug report for progress.
Recommend you monitor the bug report for progress.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
-
- Posts: 20
- Joined: Fri Jan 30, 2015 1:06 pm
Re: OpenVPN main cert has expired - are there updated ones available?
In my case I have been using the hdaconnect software on Windows - it definitely fails saying the certificates are invalid (correction - expired) and refuses to connect. For what it is worth I have done a force update to amahi 9 now on that server (it was at amahi 7 level before I ran into the vpn issues yesterday).
I am just glad it wasn't something I was doing wrong then at least.
I am just glad it wasn't something I was doing wrong then at least.
-
- Posts: 3
- Joined: Wed Oct 26, 2016 2:55 pm
Re: OpenVPN main cert has expired - are there updated ones available?
The sucky thing is this is the one day I needed VPN access.
Re: OpenVPN main cert has expired - are there updated ones available?
Yep, this issue disables android clients from connecting.
If you create a fix that works for the latest version and older versions (I'm on Amahi 8/Fedora 21) that would be swell.
If you create a fix that works for the latest version and older versions (I'm on Amahi 8/Fedora 21) that would be swell.
Who is online
Users browsing this forum: No registered users and 3 guests