All Questions
32 questions
1 vote, 1 answer, 1k views
OpenVPN "error=CA signature digest algorithm too weak"
After upgrading our OpenVPN server from Debian Buster to Bookworm, which also upgraded OpenVPN from 2.4.7 to 2.6.3, we're now getting this when any client tries to connect:
error=CA signature digest ...
0 votes, 1 answer, 277 views
Configure OpenVPN with existing certificate
I want to configure OpenVPN with available certificates, without using easy-rsa.
I use openssl to generate private.key and csr.csr. Then I use the open-source CA EJBCA to authenticate csr and create a ...
3 votes, 1 answer, 955 views
OpenVPN Revoke a certificate without the CRT file with Easy RSA
I'm confused, I have an OpenVPN server on Debian. The previous system administrator who was in charge of this server deleted the user certificates (.crt file) with the command "rm -f example.crt&...
0 votes, 0 answers, 486 views
CA-Certificate and Server Certificate are expired! - openVPN - Server <--> Client(x)
I am hosting an openVPN-Service to connect ~30 IoT-Clients directly to my Server. I have forgotten to extend the lifetime of the self-signed ca.cert and the server.crt. Now my openVPN-Clients could not ...
0 votes, 1 answer, 560 views
server SSL Certificate validation
This may seem rather trivial, but I'm not good with TLS.
I have an openvpn server that does mutual TLS auth.
My vpn client has a ca.crt file of:
root CA
intermediate CA
issuing CA
my server has a ...
1 vote, 1 answer, 2k views
OpenVPN - Can client certificates and keys be created if you only have ca.crt
All servers are Debian 9 Linux. I have 200 servers with openvpn installed, each with three to four clients (tunnel 2)
clients ---> server1 (1 of 200) (also client for jumpserver) ---> jumpserver ...
0 votes, 2 answers, 4k views
OpenVPN issue verifying CRL
With an OpenVPN/EasyRSA 3 setup (split machines for CA and VPN entry point), I'm facing the issue that whatever CRL I generate, OpenVPN seemingly cannot handle it.
Setup Overview: Things That Go Well
...
0 votes, 1 answer, 2k views
Wrong version of OpenSSL shown when using PowerShell script "OpenSSL version"
I was following a video tutorial on installing OpenVPN Server on Windows Server 2019 and for that I needed to install OpenSSL. I downloaded and successfully installed version 3.0.1, but as soon as I ...
0 votes, 1 answer, 461 views
Preventing Script Injection from ISP (Proxy Analyzer) through VPN
I'm using Sophos SSL VPN Client. But I'm using BSNL ISP. Whenever I connect my VPN and browse any HTTP non-secured websites, ads get injected into the JS script file. But when I disconnect a VPN and ...
0 votes, 1 answer, 900 views
OpenSSL "wrong curve" error on openvpn 2.4.8
I am trying to update our openvpn server to 2.4.8 to take advantage of the larger listen() backlog queue. However, we see the following errors:
Mar 6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 VERIFY ...
2 votes, 1 answer, 3k views
OpenVPN - trying to validate CRL on client certificate
I'm running OpenVPN on a hardware router running OpenWRT. Every time a client connects I get the following error in the logs:
VERIFY WARNING: depth=0, unable to get certificate CRL
I've got a 2 ...
0 votes, 0 answers, 3k views
openssl ca -gencrl is not working at all
Out of the blue, all clients cannot connect because the crl has expired. I am unable to generate a new crl. I currently have OpenVPN configured to ignore it for the time being because clients must be ...
3 votes, 3 answers, 11k views
openvpn client certificate error with "unsupported purpose"
I was following this wiki instruction to generate OpenVPN client certificate. This involves:
easyrsa gen-req client1 nopass
I tried to use this client1 certificate in my OpenVPN setup. The server ...
1 vote, 1 answer, 1k views
Easy-rsa files including ca.key deleted from server
My server's easy-rsa file structure was accidentally deleted from the server during an OS upgrade. I still have the ca.crt but no longer have ca.key or the client keys.
What are the ramifications for ...
0 votes, 1 answer, 836 views
Openvpn setting up new CA.cert, server key on old setup
I mistakenly deleted the keys folder with ca.cert, server.key and dh2048.perm. I have multiple clients located in various places which are still connecting with the server.
I want to generate a new set of ca.cert,...