[Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
Hi all, We have a problem with the clients after the server reboot. OS: Centos 7 Kernel: 3.10.0-514.26.2.el7.x86_64 OpenVPN: OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017 library versions: OpenSS

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
On 08.08.2017 19:59, Mio Vlahović wrote: > Hi all, > > We have a problem with the clients after the server reboot. > > [CUT] One update... I can no longer generate new certificates. It seems that whichopensslcnf scripts can't find openssl.cnf (which is there in the same directory...) [root@

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Xen
Mio Vlahović wrote on 08-08-2017 19:59: Can anyone assist us on this one? I have googled and found something about CRL has expired error. Is it related with the upgrade of the openvpn package? we use one from the epel repository. You know a CRL is a certificate revocation list right. Being

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Gert Doering
Hi, On Tue, Aug 08, 2017 at 08:34:25PM +0200, Xen wrote: > So you can do two things: renew your CRL, or remove it from the > configuration. > > I will let someone answer now who actually has something useful to say > ;-). Well, that's about the message :-) - a CRL has a lifetime, which can be

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Leonardo Rodrigues
You very likely created your certificates with MD5 hashing, which was disabled on newer OpenSSL versions of CentOS. Try: export NSS_HASH_ALG_SUPPORT=+MD5 export OPENSSL_ENABLE_MD5_VERIFY=1 before starting your OpenVPN daemon and watch if that makes clients connect again ... E

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Steffan Karger
On 08-08-17 20:34, Xen wrote: > Mio Vlahović schreef op 08-08-2017 19:59: > >> Can anyone assist us on this one? I have googled and found something >> about CRL has expired error. Is it related with the upgrade of the >> openvpn package? we use one from the epel repository. > > You know a CRL i

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Steffan Karger
On 08-08-17 20:34, Leonardo Rodrigues wrote: > > You very likely created your certificates with MD5 hashing, which > was disabled on newer OpenSSL versions of CentOS. > > Try: > > export NSS_HASH_ALG_SUPPORT=+MD5 > export OPENSSL_ENABLE_MD5_VERIFY=1 > > before starting your OpenVPN

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread David Sommerseth
On 08/08/17 20:34, Leonardo Rodrigues wrote: > > You very likely created your certificates with MD5 hashing, which > was disabled on newer OpenSSL versions of CentOS. > > Try: > > export NSS_HASH_ALG_SUPPORT=+MD5 > export OPENSSL_ENABLE_MD5_VERIFY=1 > > before starting your OpenVPN

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
On 08.08.2017 21:13, David Sommerseth wrote: > On 08/08/17 20:34, Leonardo Rodrigues wrote: >> >> You very likely created your certificates with MD5 hashing, which >> was disabled on newer OpenSSL versions of CentOS. >> >> Try: >> >> export NSS_HASH_ALG_SUPPORT=+MD5 >> export OPENSSL_ENAB

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread David Sommerseth
On 08/08/17 21:28, Mio Vlahović wrote: > On 08.08.2017 21:13, David Sommerseth wrote: >> On 08/08/17 20:34, Leonardo Rodrigues wrote: >>> >>> You very likely created your certificates with MD5 hashing, which >>> was disabled on newer OpenSSL versions of CentOS. >>> >>> Try: >>> >>> export

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
On 08.08.2017 21:47, David Sommerseth wrote: > On 08/08/17 21:28, Mio Vlahović wrote: >> On 08.08.2017 21:13, David Sommerseth wrote: >>> On 08/08/17 20:34, Leonardo Rodrigues wrote: You very likely created your certificates with MD5 hashing, which was disabled on newer OpenSSL

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Xen
Mio Vlahović wrote on 08-08-2017 22:02: On 08.08.2017 21:47, David Sommerseth wrote: On 08/08/17 21:28, Mio Vlahović wrote: On 08.08.2017 21:13, David Sommerseth wrote: On 08/08/17 20:34, Leonardo Rodrigues wrote: You very likely created your certificates with MD5 hashing, which wa

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Joe Patterson
This may be a stupid question but... Do any of the openssl cnf files have a comment in them that says "easy-rsa version 2.x"? if you do 'echo $KEY_CONFIG', what does it say? Thanks, -Joe On Tue, Aug 8, 2017 at 4:03 PM Mio Vlahović wrote: > On 08.08.2017 21:47, David Sommerseth wrote: > > On

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Marco Lumachi
> On 08/08/17 21:50, Mio Vlahović wrote: >> On 08.08.2017 21:47, David Sommerseth wrote: >>> On 08/08/17 21:28, Mio Vlahović wrote: On 08.08.2017 21:13, David Sommerseth wrote: > On 08/08/17 20:34, Leonardo Rodrigues wrote: >> >> You very likely created your certificates with