Importing Roadwarrior Client certificates fail

Due to the misery with CU 149 on Alix boards (i586) I had to reinstall IPFire (CU 148) from scratch. My last backup dates back a few month and so it misses several recently added Roadwarrior Clients. When trying to add them again with their valid and corresponding .p12 file in the WebGUI, I always get the message “Certificate does not have a valid CA associated with it.”, although nothing has changed with the Certificate authorities and -keys and restored Roadwarrior Clients work seamlessly.

So whats wrong here, and how can I reintroduce the Roadwarrior Clients without generating new Client certificates? I fear editing /var/ipfire/ovpn/certs/index.txt by hand will corrupt the OpenVPN database.

Any suggestion is highly appreciated.

Hi dark0ipfire,
you can copy the /var/ipfire/ovpn directory from the old machine to the new one via e.g.

cd /var/ipfire
tar cvfzp ovpn_dir.tar.gz ovpn/

copy ‘ovpn_dir.tar.gz’ to your desired machine to /var/ipfire, backUP the existing ovpn dir and unpack the tar bundle with an e.g.

cd /var/ipfire
cp -R ovpn/ opvn_bck
tar xvfz ovpn_dir.tar.gz

May this helps.

Best,

Erik

Dear Erik, that would be definitely the solution, but the old machine has gone. So I posess only the .p12 files of previously configured Roadwarrior Clients and they are not accepted for unknown reason. Anyway, thank you very much for trying to help out, Martin

Hi Martin,

the entries for your clients in the index.txt database is missing. If you would have the *.pem files, it might be possible to recreate it, an example script can be found in here --> https://forums.openvpn.net/viewtopic.php?t=9999# . Also, possible CCD entries might be needed for your clients, so probably it might be better to recreate your clients again ?

Best,

Erik