Menu
▾
▴
Re: [Openvpn-users] How to ignore client certificate temporarily
|
From: Jan J. K. <ja...@ni...> - 2010-11-11 09:52:02
|
Hellmut Gerichhausen wrote: > Hi, > > I am admin of a OpenVPN network. The network clients are leased systems sited at a lot of different customers at different places. The VPN is needed to send messages to that clients from the server and for remote administration of the clients. But I don't have the chance to handle the clients physically. As long as the certificates are valid, I can do my yearly service. But there are some systems, which I have missed to service in time and so the certificates are outdated. > > Do I have any chance to ignore the certificate date at the server for a special client temporarily? Then I would like to authorize a new cert and reset the system to normal state. > If a client certificate is expired (i.e. out of date) then there is no way that the client should be able to connect to the server . Your only chance might be to set the clock back for the (entire) openvpn server but I doubt that you want to do that ... If it were possible to connect using an outdated certificate it should be considered a breach of security. HTH, JJK |
