Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Renewal of CA Certificate with active Client Certificates

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 431 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      janklever
      last edited by

      We have:

      • CA for VPN valid until 2022-10-01
      • Clients issued by this CA with longer validity, e.g. until 2023-01-10

      We tried renewal of the CA Certificate in the web gui with "reuse key" checked, but clients with Client Certificates issued by the old CA Certificate can't connect to the VPN Server anymore, when the new CA Certificate is active.

      Is there a way to renew the CA Certificate so that VPN clients issued by the old CA Certificate can still be verified?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You'll need an additional fix to also retain the existing serial number of the CA.

        See https://redmine.pfsense.org/issues/13010

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 1
        • J
          janklever
          last edited by

          Thank you so much! That solution worked :)

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.