- 当前CA证书有效期是到 2029/11/04 [root@localhost ~]# cat /etc/openvpn/server/certs/ca.crt | openssl x509 -noout -enddate notAfter=Nov 4 09:23:29 2029 GMT
- 当前服务器证书有效期是到 2022/10/22 [root@localhost ~]# cat /etc/openvpn/server/certs/server.crt | openssl x509 -noout -enddate notAfter=Oct 22 09:24:05 2022 GMT
3.当前客户端证书有效期是到 2022/10/22
[root@client ~]:/etc/openvpn# cat /etc/openvpn/client.crt | openssl x509 -noout -enddate notAfter=Oct 22 09:52:47 2022 GMT
4.所以2022/10/22之前需要更新延期 服务器证书server.crt和客户端证书client.crt
- ./easyrsa renew client nopass 和 ./easyrsa renew server nopass
[root@localhost 3]# ./easyrsa renew client nopass
Note: using Easy-RSA configuration from: ./vars
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Please confirm you wish to renew the certificate with the following subject:
subject= commonName = client
Type the word 'yes' to continue, or any other input to abort. Continue with renew: yes
Easy-RSA error:
Certificate expires in more than 30 days. Renewal not allowed.
- renew 证书需要在证书到期前的30天内,否则renew not allowed。
- EASYRSA_CERT_EXPIRE=36500 ./easyrsa renew server nopass EASYRSA_CERT_EXPIRE=36500 ./easyrsa renew vc nopass