cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
858
Views
0
Helpful
1
Replies

RV320 Trouble with Certificates in General First Goal is to generate Certs to Use OpenVPN.

Shutech
Level 1
Level 1

I have several RV320's spread out. All of them are on latest release as of this. v1.4.2.22

 

So first observation is that under My Certificates the Root Certificate duration Dates Starts and Ends way in the Future. An example is on one machine the Cert Duration is: From: 2161-05-06 To: 2171-05-04. It is also sha1WithRSAEncryption.

 

So on one Router I Deleted default Certificate and created a new one with a 10 year duration and 2048 Key and in Description it shows up as using sha256WithRSAEncryption and the Duration is: From: 2019-06-20 To: 2029-06-17.

 

I then tried using the Certificate to Generate Server and Client Keys for OpenVPN it acts like it works when I do the first one which is for the Server so I am doing it in right order. but no Certificates show up for Server under OpenVPN Certificates.

 

I also am a Heavy user of Open VPN and I use EasyRSA so I am familiar with certificates. So I also tried to create a Root Certificate and loaded them as a PEM with the CA Private Key first and the CA Certificate next in the file. It showed up fine under my certificates and also details looked good. I had the same problem. Went to generate the Server Certificate for the OpenVPN Server and it acted like it worked but no Certificates showed up under OpenVPN Certificates.

 

So what gives? I saw a post from several years ago that mentioned that someone was able to get things to work by resetting to to default then generating a new CA and then the other certs.Do I really need to do this?

 

Second is Can I generate all of my Certs in EasyRSA and import them? The only thing is that when creating a server certificate and uploading it too from the CA I had made with EasyRSA it shows up only under My Certificates. Do I have to name the Server and eventually the Client certs to something specific or use the Cli to get it in the right spot? Or do I have to generate everything from the CA created on the server?

 

Any thoughts on this?

 

Why does it seem that the Built in Security Certificates and Manager is so buggy especially in an era when higher security is prudent.

 

Last is Documentation on Certificates is not great either. Better Documentation would help.

1 Reply 1

RobertDH
Level 1
Level 1

Hi  Shutech,

I have the same problem!

Did you ever find a solution for this??

 

Cheers,

Robert.