555VPN 2 Posted ... I've had a pfSense VM acting as an AirVPN client (using OpenVPN) for ages and its been awesome. Recently I've been getting the following alerts / emails from pfSense... The following CA/Certificate entries are expiring: Certificate: AIRvpn_CA (5b79b56578290) I'm not great with certificates in general but looking at the pfSense console, it seems to be the Certificate Authority that is expiring, not the actual certificate (although that doesn't have long to go either), see screenshots below... There is no Renew button for the AirVPN_CA or the AirVPN_CERT. Can anyone point me in the direction of what I need to do please before my VPN stops working? Thanks for any help provided. Share this post Link to post
Staff 9972 Posted ... @555VPN Hello! The ca.crt expires in 2121. You can use the Configuration Generator to download and import any certificate. Your user.crt expires in 2033. Maybe you're watching some old certificate. Kind regards Share this post Link to post
benfitita 39 Posted ... To avoid any interruptions, I’d go to client area -> devices and create a new device. Then generate a new OpenVPN config: * check advanced settings * choose your new device * check OpenVPN * check Separate keys/certs * download archive and extract * import new ca.crt * import new user.crt * select new cert in OpenVPN settings 1 1 555VPN and Air4141841 reacted to this Share this post Link to post
555VPN 2 Posted ... Thanks for the replies. Going to my device in the Client Area and clicking on Details, there is a Renew button there. What does that do? Will that help? Thanks Share this post Link to post
benfitita 39 Posted ... That will: * delete the old user cert * create a new one against the current ca cert This means you won’t be able to connect to AirVPN until you download and install these new certs, as described above. Basically "renew" replaces the "create new device" step, without being able to maintain OpenVPN connection while doing other steps. Share this post Link to post
555VPN 2 Posted ... Ok, thank you very much for the assistance. I'll try the steps in your post from yesterday and see how I get on (There might be more questions! 😉) Share this post Link to post
555VPN 2 Posted ... Well it seems to have worked, I have a new CA cert being used ok (AirVPN_CA2)... But I can't get the new user cert (AirVPN_CERT2) to be used, it doesn't seem to have a private key which the previous one does so doesn't let me choose it in the OpenVPN client config. How do I get a private key? Can I copy the previous one? Share this post Link to post
555VPN 2 Posted ... Ignore me, I figured it out by pasting in the data from the "user.key" file I downloaded. Seems to be ok and a reconnect has worked on the VPN, now going to try a reboot of my pfSense box as a final test... Share this post Link to post
benfitita 39 Posted ... Also take a look in Client area -> Sessions and verify if you’re now connected as the new device. Share this post Link to post
Air4141841 24 Posted ... the fact that they are showing the delete icon now means they are not longer being utilized and the new connection is using the new key (hence you can't delete, its in use) delete the old keys and you are good. congrats on using a tis crypt session. Share this post Link to post
555VPN 2 Posted ... Thanks everyone for the awesome help 👍 Please consider this thread closed. 1 Staff reacted to this Share this post Link to post