CLOSED: OpenVPN main cert has expired - are there updated ones available?

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

CLOSED: OpenVPN main cert has expired - are there updated ones available?

Postby silverblaze » Thu Feb 23, 2017 12:53 pm

I have had the fun discovery of it appears that the "official" base certificates for OpenVPN seem to have expired today - including the ones that are referenced on this page of the wiki - https://wiki.amahi.org/index.php/VPN_Ubuntu . Is there a location for updated ones somewhere that I haven't been able to find on the wiki/amahi website? Here is what I see out of both certificates (on the server and from the vpn_ubuntu page):

Issuer: C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com/emailAddress=info@homehda.com
Validity
Not Before: Feb 26 08:39:38 2007 GMT
Not After : Feb 23 08:39:38 2017 GMT
Subject: C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com/email

Admittedly I am on an older amahi install so this might have been updated on the newer ones - I just don't like the idea of doing a full server rebuild since this is my internet gateway machine.

Any pointers/suggestions?

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby bigfoot65 » Thu Feb 23, 2017 5:02 pm

Working to get them updated. We will post a link once they are ready.

Using expired certificates shouldn't prevent you from access.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

User avatar
cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am
Contact:

Re: OpenVPN main cert has expired - are there updated ones available?

Postby cpg » Thu Feb 23, 2017 5:26 pm

Thanks for bringing this to our attention. It's been 10 years already?! :D

We will track this issue in bug #2210.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

justinglock40
Posts: 3
Joined: Wed Oct 26, 2016 2:55 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby justinglock40 » Thu Feb 23, 2017 6:07 pm

Tunnelblick nor OpenVPN for iOS will let me connect with the expired certs

User avatar
cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am
Contact:

Re: OpenVPN main cert has expired - are there updated ones available?

Postby cpg » Thu Feb 23, 2017 6:15 pm

Yes, I'm not sure how each client reacts to expired certs. Some may let you override expired certs (think of what browsers do), or, more likely, they may just refuse to connect (since VPN is typically more important than just browsing SSL).

We will need a few more hours to sort this out. Possibly a day.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

justinglock40
Posts: 3
Joined: Wed Oct 26, 2016 2:55 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby justinglock40 » Fri Feb 24, 2017 1:19 am

Is there a temporary workaround in the mean time.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby bigfoot65 » Fri Feb 24, 2017 7:34 am

Not sure if there is anything that can be done.

Recommend you monitor the bug report for progress.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby silverblaze » Fri Feb 24, 2017 7:58 am

In my case I have been using the hdaconnect software on Windows - it definitely fails saying the certificates are invalid (correction - expired) and refuses to connect. For what it is worth I have done a force update to amahi 9 now on that server (it was at amahi 7 level before I ran into the vpn issues yesterday).

I am just glad it wasn't something I was doing wrong then at least. :D

justinglock40
Posts: 3
Joined: Wed Oct 26, 2016 2:55 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby justinglock40 » Fri Feb 24, 2017 2:10 pm

The sucky thing is this is the one day I needed VPN access.

rbmattis
Posts: 100
Joined: Fri Mar 18, 2011 8:37 am

Re: OpenVPN main cert has expired - are there updated ones available?

Postby rbmattis » Sat Feb 25, 2017 6:57 am

Yep, this issue disables android clients from connecting.

If you create a fix that works for the latest version and older versions (I'm on Amahi 8/Fedora 21) that would be swell.

Who is online

Users browsing this forum: No registered users and 11 guests