CLOSED: OpenVPN main cert has expired - are there updated ones available?

anovak765
Posts: 4
Joined: Tue May 26, 2015 9:15 am

Re: OpenVPN main cert has expired - are there updated ones available?

Postby anovak765 » Sat Feb 25, 2017 10:25 am

I am not quite sure what error everyone else is getting but mine HDAConnect is saying "Unable to connect because your certificate has expired or the system time is incorrect." I checked both the server and the client date and time, but both are set to the correct time. Is this something to do with Amahi software or did I screw something up?

User avatar
bigfoot65
Project Manager
Posts: 11455
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby bigfoot65 » Sat Feb 25, 2017 10:52 am

As noted in this thread, certificates have expired causing connection failure.

You can monitor the bug report mentioned previously to track progress.
ßîgƒσστ65
Applications Manager

rbmattis
Posts: 100
Joined: Fri Mar 18, 2011 8:37 am

Re: OpenVPN main cert has expired - are there updated ones available?

Postby rbmattis » Sat Feb 25, 2017 6:53 pm

While this took some doing for a novice like me, I followed this process to set up a Certificate Authority (CA) and generate a certificate and keys for my server and client.
https://openvpn.net/index.php/open-sour ... o.html#pki

This process worked for me on Amahi 8 / Fedora 21. cpg says that this procedure does NOT work on Fedora 25 so ymmv.

The small adjustments I had to make. I had to install easy-rsa with yum install easy-rsa
I had to make var executable with chmod 777

I made all the original certs. and keys .old and dropped the new ones in their place.

Worked like a champ for me.

User avatar
bigfoot65
Project Manager
Posts: 11455
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby bigfoot65 » Sat Feb 25, 2017 6:57 pm

Would you be willing to document this in the wiki?

A step by step would help others.
ßîgƒσστ65
Applications Manager

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby silverblaze » Mon Feb 27, 2017 8:00 am

I have thought about going the custom certificate route, but doesn't that make the amahi control panel check fail since it is no longer using an "official" base certificate? My guess is that trying to figure out how to switchout the certificates and keep the amahi control panel check working is why this problem hasn't been resolved already.

User avatar
bigfoot65
Project Manager
Posts: 11455
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby bigfoot65 » Mon Feb 27, 2017 8:58 am

We have a solution. You need to check the bug 2110 for details.

We did not announce it in forums yet as there was a file that needed fixed, plus the wiki guidance and openvpn App need updated.

Recommend in future, you follow the bug report vs forums to track progress. That is our preferred tracking mechanism for issues.

Hope to have the app and wiki guidance updated shortly. Then users will need uninstall/reinstall the app and grab the new client certificates from the wiki. For now, the bug report provides sufficient details to do it manually.
ßîgƒσστ65
Applications Manager

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby silverblaze » Mon Feb 27, 2017 6:18 pm

You have my apologies - with the color coding of the initial reference to the bug I wasn't able to see it on the monitor I was using at the time (at the office) - now that I am home I can see it fine. I will work through the info in it to see if I can get my setup functioning again. Thanks!

User avatar
bigfoot65
Project Manager
Posts: 11455
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN main cert has expired - are there updated ones available?

Postby bigfoot65 » Mon Feb 27, 2017 6:27 pm

No worries.

Hopefully the instructions are detailed enough.

We need to get the app updated and the wiki still :(

Marking this thread as closed. Further issues/questions can be handled in the bug report.
ßîgƒσστ65
Applications Manager

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: CLOSED: OpenVPN main cert has expired - are there updated ones available?

Postby silverblaze » Tue Feb 28, 2017 8:55 am

I am running into an issue with this - none of the @xxxx@ symbols in the amahi.conf are being evaluated/replaced. Any ideas what is needed to get these to work?

-- Unit openvpn@amahi.service has begun starting up.
Feb 28 09:51:27 localhost.localdomain openvpn[17872]: PLUGIN_INIT: could not load plugin shared object /usr/lib@HDA_ARCH_64@/openvpn/plugins/openvpn-plugin-aut
[root@localhost openvpn]# ls /usr

This is after I manually replaced HDA_NETMASK one earlier in the file.

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: CLOSED: OpenVPN main cert has expired - are there updated ones available?

Postby silverblaze » Tue Feb 28, 2017 9:01 am

Nevermind - I refreshed the bug page and saw the recommendation to uninstall/reinstall - that got it working. Thanks again everyone!

Who is online

Users browsing this forum: No registered users and 2 guests