CA expired - TLS key negotiation failed
Hi
I'm new to the forum. I had an incident where the CA expired and I had to renew it. I got the warning - Renewing or reissuing a CA or certificate will replace the old entry. The old entry will be lost, and cannot be revoked after it has been replaced. Daemons known to be using this entry or one of its descendents will be restarted after the entry is replaced.
The CA is used by the OpenVPN server, and since I did the renewal I get this error on the VPN client:
Wed Aug 03 20:20:58 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 03 20:20:58 2022 TLS Error: TLS handshake failed
Wed Aug 03 20:20:58 2022 SIGUSR1[soft,tls-error] received, process restarting
I have checked NTP - no issues, time is accurate. I also tried to set up a new client with a newly generated certificate, and hence a new client export with key and cert - same issue.
I also tried to install a new OpenVPN server from scratch and still get the same error in the VPN client logs.
Can anyone help me?
@pljungstrom
Did you also copy the new CA cert to the client?
@viragomann - Yes, within the new user I created I made the new certificate, as I thought the same - client certificates depend on the root server CA and hence must be renewed.
I even created a new OpenVPN server on port 1195 instead - after the server CA was renewed - still I get the same TLS error.
@pljungstrom
The error message looks as if the client cannot reach the server. Are you sure that you only renewed the CA cert before you got this?
Check the client settings for the correct server name or IP and port.
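
The two checks raised in the replies (does the client profile carry the renewed CA, and does its `remote` line point at the right host and port) can be run against an exported profile. This is an added example, not part of the thread or of pfSense/OpenVPN; the profile text, host name and the fake "certificates" are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
import re

def constructed_pem(der: bytes) -> str:
    """Wrap arbitrary bytes as a PEM block (constructed sample, not a real certificate)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def pem_fingerprints(text: str) -> list:
    """SHA-256 fingerprint (hex) of the DER bytes of every PEM certificate in text."""
    blocks = re.findall(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", text, re.S)
    return [hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in blocks]

def check_client_profile(ovpn_text: str, server_ca_pem: str) -> dict:
    """Compare a profile's inline <ca> block and remote lines with the server side."""
    m = re.search(r"<ca>(.*?)</ca>", ovpn_text, re.S)
    # A profile that references an external CA file has no inline block to compare.
    client_fps = pem_fingerprints(m.group(1)) if m else []
    server_fps = pem_fingerprints(server_ca_pem)
    remotes = []
    for line in ovpn_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote":
            # "remote host [port]"; OpenVPN's default port is 1194.
            remotes.append((parts[1], int(parts[2]) if len(parts) > 2 else 1194))
    return {
        "ca_matches": bool(server_fps) and any(fp in client_fps for fp in server_fps),
        "client_ca_fingerprints": client_fps,
        "server_ca_fingerprints": server_fps,
        "remotes": remotes,
    }

# Constructed sample data: a profile exported before the CA was renewed.
OLD_CA = constructed_pem(b"constructed bytes standing in for the expired CA")
NEW_CA = constructed_pem(b"constructed bytes standing in for the renewed CA")
STALE_PROFILE = f"client\ndev tun\nproto udp\nremote vpn.example.com 1195\n<ca>\n{OLD_CA}</ca>\n"

if __name__ == "__main__":
    result = check_client_profile(STALE_PROFILE, NEW_CA)
    print("CA in profile matches server CA:", result["ca_matches"])
    print("Profile connects to:", result["remotes"])
```

A `ca_matches` of `False` only says the profile does not contain the server's current CA certificate; the `remotes` list is what to compare against the server's listening address and port.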