Server certificate expiring - Just want to check.........

alanbaker

I'm getting my daily text messages from Telegram advising my server certificate is expiring. I don't want to have to reconfigure the clients with a new cert so on a Sunday (Off day) should I be clicking renew - tick to use the existing serial and key?
and everyone can start Monday morning without any connection issues?

The clients are all windows with the OpenVPN connect client installed.

Maybe I'll create a checkpoint also as it's a VM.

Screenshot 2024-09-16 at 16.11.23.png

viragomann

@alanbaker
Renewing the server cert doesn't affect the clients at all.
The clients just verify that the server certificate is issued by the correct CA according their settings.

Only if you need to renew the CA cert you have to reissue all client certs as well and deploy the new certs.

alanbaker

So it doesn’t matter if the serial and key are reused?

viragomann

@alanbaker
Retaining the serial doesn't make sense here. But anyway, it would not have any affect to the clients.

As well the private key is only used by the server for encryption and doesn't affect the clients.

After reissuing ensure that the new certificate is assigned properly to the server.