Newly created certificates are revoked?
-
We have a virtual pfSense installation. Today I created a new user certificate for a new VPN user. Then I generated an ovpn config and tried to connect to check that everything works. But I got client errors: local/remote TLS keys are out of sync.
Then I looked into the OpenVPN log and found this: "VERIFY ERROR: depth=0, error=certificate revoked: CN=dla, C=RU, ST=FE, ..."
I double-checked the CRL and it doesn't contain the dla cert. Old certificates work without problems. But newly created ones always throw error=certificate revoked. The InUse column in the certificate list doesn't contain "revoked" for new certificates.
How can this be fixed?
-
Found it. There were old certificates generated using easy-rsa before the pfSense installation, and they were added to the CRL. The new certificate was created with the same serial and became revoked. I created a new one and everything works.
There is a bug in pfSense: it should check the CRL and show "revoked" for certs with a revoked serial.
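
Added example, not part of the original posts: a CRL identifies revoked certificates by serial number, so a new certificate from the same CA that reuses a revoked serial fails verification as revoked. The Python sketch below parses the text printed by `openssl crl -noout -text` and `openssl x509 -noout -serial` and flags such collisions; the sample outputs are constructed, the function names are hypothetical, and all certificates are assumed to come from the CRL's issuer.

```python
import re

# Constructed sample: shape of `openssl crl -in crl.pem -noout -text` output
CRL_TEXT = """\
Certificate Revocation List (CRL):
        Issuer: CN = example-ca
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Jan 10 09:00:00 2015 GMT
    Serial Number: 0A
        Revocation Date: Mar  3 12:30:00 2015 GMT
"""
# Constructed sample: CN -> line printed by `openssl x509 -in cert.pem -noout -serial`
CERT_SERIALS = {"dla": "serial=02", "olduser": "serial=01", "newuser": "serial=0B"}

def normalize(serial_hex):
    """Hex serial -> int, tolerating colons, case and leading zeros."""
    return int(serial_hex.replace(":", "").strip(), 16)

def revoked_serials(crl_text):
    """Collect every serial listed in the CRL's revoked entries."""
    found = re.findall(r"^\s*Serial Number:\s*([0-9A-Fa-f:]+)\s*$", crl_text, re.M)
    return {normalize(s) for s in found}

def cert_serial(serial_line):
    """Parse the 'serial=XX' line printed by openssl x509 -serial."""
    m = re.fullmatch(r"serial=([0-9A-Fa-f]+)", serial_line.strip())
    if not m:
        raise ValueError(f"unexpected serial line: {serial_line!r}")
    return normalize(m.group(1))

def find_collisions(crl_text, cert_serials):
    """Return CNs whose serial matches a revoked entry (same issuer assumed)."""
    revoked = revoked_serials(crl_text)
    return sorted(cn for cn, line in cert_serials.items()
                  if cert_serial(line) in revoked)

def next_safe_serial(crl_text, cert_serials):
    """Smallest serial above everything issued or revoked so far."""
    used = revoked_serials(crl_text) | {cert_serial(v) for v in cert_serials.values()}
    return max(used, default=0) + 1

if __name__ == "__main__":
    print("colliding certs:", find_collisions(CRL_TEXT, CERT_SERIALS))
    print("next safe serial: %X" % next_safe_serial(CRL_TEXT, CERT_SERIALS))
```

Comparing serials as integers avoids false negatives when one tool prints `02` and another prints `2` or `0x2`.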