Recommended method for migrating from SHA1 cert to SHA512 cert

Reply to Recommended method for migrating from SHA1 cert to SHA512 cert on Fri, 01 Dec 2023 17:03:22 GMT

jc2it — Fri, 01 Dec 2023 17:03:22 GMT

@jimp Thanks for the clarification. We have not upgraded to 2.7.1 and we will attempt to get that changed over seamlessly for the user.

Reply to Recommended method for migrating from SHA1 cert to SHA512 cert on Fri, 01 Dec 2023 16:48:45 GMT

jimp — Fri, 01 Dec 2023 16:48:45 GMT

If you have not yet upgraded to 2.7.1 or later, then creating a new CA + Server Cert + OpenVPN Server (+User Certs if you have them), and so on is ideal. You can then migrate users to that while both can still function.

If you have already upgraded to 2.7.1 and the current server can't work because of the weak certs, then you're better off just creating the CA+Certs again and using them on the current server, then getting the new files to users and so on.

Reply to Recommended method for migrating from SHA1 cert to SHA512 cert on Fri, 01 Dec 2023 16:05:08 GMT

jc2it — Fri, 01 Dec 2023 16:05:08 GMT

Would it be a better idea to Create Another CA with an updated cert and a New Server Cert and migrate all of the VPN clients as we can get them in?

Anybody do this previously?