VPN Going Offline - Expired Certificates

I’ve had very frustrating issues with the system admin VPN randomly going offline until I restart the VPN. Restarting the server doesn’t work; I have to actually disable and then re-enable the VPN. I finally found some logs and realized that the certificate has been expiring.

TLS: Initial packet from [AF_INET]000.000.000.000:41484, sid=b3b84265 fedc4e14
VERIFY ERROR: depth=0, error=CRL has expired: CN=client4
OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, client-instance restarting

I looked up the error about the expired CRL and found out that certificate length can be set to a high value through the “nextUpdate” variable when generating the cert through easyRSA. I don’t see an option to increase this value in system admin, and I’m not sure where to update this value manually in the configs. I’m worried that even if I found the config, it would simply be overwritten on a config update.

This problem impacts basically all of my servers relying on the VPN and is seriously impacting the reliability of my systems. Has anyone else encountered this problem and found a fix?
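Added example, not part of the original post: a small Python triage of the VERIFY ERROR lines quoted above. It separates an expired CRL (a server-side file past its nextUpdate, which causes every client to be rejected) from an expired or revoked client certificate. The `client9` line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the post, plus one constructed line
# (client9) showing an expired client certificate for contrast.
SAMPLE_LOG = """\
TLS: Initial packet from [AF_INET]000.000.000.000:41484, sid=b3b84265 fedc4e14
VERIFY ERROR: depth=0, error=CRL has expired: CN=client4
TLS Error: TLS handshake failed
VERIFY ERROR: depth=0, error=certificate has expired: CN=client9
TLS Error: TLS handshake failed
"""

# OpenVPN prints: VERIFY ERROR: depth=N, error=<OpenSSL verify text>: <subject>
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")

# OpenSSL verify error text -> (short cause, where the fix belongs)
CAUSES = {
    "CRL has expired": ("crl", "server side: CRL is past nextUpdate, regenerate it"),
    "certificate has expired": ("cert", "per client: issue a new certificate"),
    "certificate revoked": ("revoked", "expected: subject is listed on the CRL"),
}


def triage(log_text):
    """Group VERIFY ERROR lines by cause; returns {cause: sorted subjects}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue  # handshake noise that carries no verify result
        _depth, error, subject = m.groups()
        cause, _advice = CAUSES.get(error.strip(), ("other", ""))
        hits[cause].add(subject.strip())
    return {cause: sorted(subjects) for cause, subjects in hits.items()}


def report(log_text):
    """Return one human-readable line per cause found in the log."""
    advice = dict(CAUSES.values())
    return [
        f"{cause}: {', '.join(subjects)} -> {advice.get(cause, 'inspect manually')}"
        for cause, subjects in sorted(triage(log_text).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```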
