Jump to content
Not connected, Your IP: 18.116.14.48
555VPN

ANSWERED pfSense CA Certificate Expiring

Recommended Posts

I've had a pfSense VM acting as an AirVPN client (using OpenVPN) for ages and its been awesome.
Recently I've been getting the following alerts / emails from pfSense...

The following CA/Certificate entries are expiring:
Certificate: AIRvpn_CA (5b79b56578290)

I'm not great with certificates in general but looking at the pfSense console, it seems to be the Certificate Authority that is expiring, not the actual certificate (although that doesn't have long to go either), see screenshots below...

image.thumb.png.0206e2c828bfb19319ab8b25e76b57ba.png

image.thumb.png.54edae33a8dc96c53d4b19438dfb6e0f.png

There is no Renew button for the AirVPN_CA or the AirVPN_CERT.
Can anyone point me in the direction of what I need to do please before my VPN stops working?

Thanks for any help provided.

 

Share this post


Link to post

@555VPN

Hello!

The ca.crt expires in 2121. You can use the Configuration Generator to download and import any certificate. Your user.crt expires in 2033. Maybe you're watching some old certificate.

Kind regards

Share this post


Link to post

To avoid any interruptions, I’d go to client area -> devices and create a new device. Then generate a new OpenVPN config:
* check advanced settings
* choose your new device
* check OpenVPN 
* check Separate keys/certs
* download archive and extract
* import new ca.crt 
* import new user.crt
* select new cert in OpenVPN settings

Share this post


Link to post

Thanks for the replies.
Going to my device in the Client Area and clicking on Details, there is a Renew button there.
What does that do?
Will that help?

Thanks

Share this post


Link to post

That will:
* delete the old user cert
* create a new one against the current ca cert

This means you won’t be able to connect to AirVPN until you download and install these new certs, as described above. Basically "renew" replaces the "create new device" step, without being able to maintain OpenVPN connection while doing other steps. 

Share this post


Link to post

Ok, thank you very much for the assistance.
I'll try the steps in your post from yesterday and see how I get on
(There might be more questions! 😉)

Share this post


Link to post

Well it seems to have worked, I have a new CA cert being used ok (AirVPN_CA2)...
But I can't get the new user cert (AirVPN_CERT2) to be used, it doesn't seem to have a private key which the previous one does so doesn't let me choose it in the OpenVPN client config.
How do I get a private key? Can I copy the previous one?
image.thumb.png.9fcf5fce23a3a8a737dd3cf71275e8fb.png

image.thumb.png.7bb30fab5fecd4e982f55c1e332d79de.png


 

Share this post


Link to post

Ignore me, I figured it out by pasting in the data from the "user.key" file I downloaded.
Seems to be ok and a reconnect has worked on the VPN, now going to try a reboot of my pfSense box as a final test...

Share this post


Link to post

Also take a look in Client area -> Sessions and verify if you’re now connected as the new device. 

Share this post


Link to post

the fact that they are showing the delete icon now means they are not longer being utilized and the new connection is using the new key (hence you can't delete, its in use)
delete the old keys and you are good.     congrats on using a tis crypt session.    

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...