Menu
▾
▴
[Astlinux-users] OpenVPN certificates expire
|
From: Lonnie A. <li...@lo...> - 2019-03-03 17:05:26
|
Greetings, A friendly heads-up, the AstLinux web interface generates OpenVPN (and IPSec) certificates with a expire date of 10 years in the future. Seems like a really long time... Well today I hit an OpenVPN failure due to an expired certificate ... thank goodness I also had WireGuard access ! BTW, a CLI command to check your OpenVPN valid dates is: -- openssl x509 -startdate -enddate -noout -in /mnt/kd/openvpn/webinterface/keys/ca.crt -- This was not all bad, since if your cert is 10 years old then recreating them with 2048 bits and SHA-256 is a good thing anyway. I also enabled "Extra TLS-Auth:" while I was at it. Also a good time to consider switching to WireGuard :-) Lonnie |
