When clicking the "More details", the reason states that "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired". But then I have the option to connect anyway. And I checked more for more info from the OpenVPN admin webpage, the Certificate "Validation Results" section displays: Web Certificate/Key validation results.

If the client certificate revocation list has expired, you cannot connect to the Client VPN endpoint. Alternatively, there might be an issue with the OpenVPN-based software that the client is using to connect to the Client VPN. Jun 25, 2017 · Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. ;push "route 192.168.10.0 255.255.255.0" ;push "route 192.168.20.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private $ sudo openvpn client.ovpn And client.ovpn starts with # Automatically generated OpenVPN client config file # Generated on Mon Jun 6 10:36:29 2016 by openvpnas # Note: this configuration is user-locked to the username below Creating a new one (overwrite) will fail if it's not revoked or expired!") → OK. Export this certificate from TinyCA in the usual way and replace the expired certificate on the client computer with this one. 7.1 Server Certificates. If the firewall server certificate has expired you will see something like this in the OpenVPN log:

May 18, 2010 · I am running OpenVPN v2.0.9 on a SuSE Linux Enterprise 10.1. I created the ca certificate, server certificate, and 2 client certificates on the SuSE box. For the common name option on the ca certificate i used linux because when i ran a hostname --fqdn it responded linux.figdom.net. The 2 client certificates have common names of client1 and laptop.

OpenVPN 2.4 new Certificate Revocation List method. Processing the Certificate Revocation List (CRL) in OpenVPN 2.4 is now handled by the Crypto Library with which OpenVPN has been built. This means the list is processed much more rigidly than before. (Previously, in OpenVPN 2.3, a built-in check was used). If you just want to know whether the certificate has expired (or will do so within the next N seconds), the -checkend option to openssl x509 will tell you: if openssl x509 -checkend 86400 -noout -in file.pem then echo "Certificate is good for another day!" else echo "Certificate has expired or will do so within 24 hours!"

To export a client certificate, open Manage user certificates. The client certificates that you generated are, by default, located in 'Certificates - Current User\Personal\Certificates'. Right-click the client certificate that you want to export, click all tasks, and then click Export to open the Certificate Export Wizard.

Hello, I've been using OpenVPN for more than 10 years, but something has happened today: my CA has expired, so clients can't connect anymore. I haven't any kind of access to some of them, so I badly need them to reconnect to the server. Perhaps the root CA certificate has expired? James Yonan wrote: > Hi Bradley, > > I've haven't heard of this problem before. I have personally been running > keys which were generated by the scripts in the "easy-rsa" directory, and > those keys have been working fine for quite a bit more than 30 days. > > Have you done anything with these default settings in the openssl.cnf file: > > default Nov 26, 2017 · If you provisioned a server with Streisand between Oct 18th and Nov 23rd your OpenVPN and OCServ (OpenConnect) Root Certificate Authorities will expire 30 days after creation instead of 5 years. This bug only affected the root CA certificates. This was due to a bug that has since been fixed.