Amahi Forums

Posted: **Thu Feb 23, 2017 12:53 pm**

I have had the fun discovery of it appears that the "official" base certificates for OpenVPN seem to have expired today - including the ones that are referenced on this page of the wiki - https://wiki.amahi.org/index.php/VPN_Ubuntu . Is there a location for updated ones somewhere that I haven't been able to find on the wiki/amahi website? Here is what I see out of both certificates (on the server and from the vpn_ubuntu page):

Issuer: C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com/emailAddress=info@homehda.com
Validity
Not Before: Feb 26 08:39:38 2007 GMT
Not After : Feb 23 08:39:38 2017 GMT
Subject: C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com/email

Admittedly I am on an older amahi install so this might have been updated on the newer ones - I just don't like the idea of doing a full server rebuild since this is my internet gateway machine.

Any pointers/suggestions?

Posted: **Thu Feb 23, 2017 5:02 pm**

Working to get them updated. We will post a link once they are ready.

Using expired certificates shouldn't prevent you from access.

Posted: **Thu Feb 23, 2017 5:26 pm**

Thanks for bringing this to our attention. It's been 10 years already?!

We will track this issue in bug #2210.

Posted: **Thu Feb 23, 2017 6:07 pm**

Tunnelblick nor OpenVPN for iOS will let me connect with the expired certs

Posted: **Thu Feb 23, 2017 6:15 pm**

Yes, I'm not sure how each client reacts to expired certs. Some may let you override expired certs (think of what browsers do), or, more likely, they may just refuse to connect (since VPN is typically more important than just browsing SSL).

We will need a few more hours to sort this out. Possibly a day.

Posted: **Fri Feb 24, 2017 1:19 am**

Is there a temporary workaround in the mean time.

Posted: **Fri Feb 24, 2017 7:34 am**

Not sure if there is anything that can be done.

Recommend you monitor the bug report for progress.

Posted: **Fri Feb 24, 2017 7:58 am**

In my case I have been using the hdaconnect software on Windows - it definitely fails saying the certificates are invalid (correction - expired) and refuses to connect. For what it is worth I have done a force update to amahi 9 now on that server (it was at amahi 7 level before I ran into the vpn issues yesterday).

I am just glad it wasn't something I was doing wrong then at least.

Posted: **Fri Feb 24, 2017 2:10 pm**

The sucky thing is this is the one day I needed VPN access.

Posted: **Sat Feb 25, 2017 6:57 am**

Yep, this issue disables android clients from connecting.

If you create a fix that works for the latest version and older versions (I'm on Amahi 8/Fedora 21) that would be swell.

Amahi Forums

CLOSED: OpenVPN main cert has expired - are there updated ones available?

CLOSED: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?

Re: OpenVPN main cert has expired - are there updated ones available?