OVPN Cert creation algo

You are welcome :slightly_smiling_face:

Thanks, this works for me. Will this be integrated in the next Core update or would it be incompatible with OpenVPN < 2.6?

Just FYI: It's possible to convert old certs to be usable with OpenVPN 2.6 (without having to use legacy in the server's config):

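```
# Convert
# -legacy loads the OpenSSL 3.x legacy provider so the old file can be read;
# -nodes writes the private key unencrypted
openssl pkcs12 -legacy -in mycert.p12 -out your-openvpn-keys.key -nocerts -nodes
# Extract the certificates only
openssl pkcs12 -legacy -in mycert.p12 -out your-openvpn-keys.pem -nokeys
# Re-pack key and certificates with the current OpenSSL defaults
openssl pkcs12 -export -out mycertNEW.p12 -inkey your-openvpn-keys.key -in your-openvpn-keys.pem

# Test (no -legacy, so this only succeeds if the new file is readable without it)
openssl pkcs12 -info -in mycertNEW.p12 -noout
```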
1 Like
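An added example, not part of the original posts or of IPFire's code: a small DER walker that lists which password-based encryption schemes a PKCS#12 file declares, to find the client bundles that need the re-export above. It goes beyond the thread in checking for all RC2/RC4 PKCS#12 schemes (the ones OpenSSL 3.x only provides through the legacy provider); the function names and the two sample byte strings are assumptions constructed for illustration.

```python
# Assumes DER input (what `openssl pkcs12 -export` writes); BER indefinite lengths are rejected.
NEEDS_LEGACY = {  # RC2/RC4 schemes, only available via the legacy provider in OpenSSL 3.x
    "1.2.840.113549.1.12.1.1": "pbeWithSHAAnd128BitRC4",
    "1.2.840.113549.1.12.1.2": "pbeWithSHAAnd40BitRC4",
    "1.2.840.113549.1.12.1.5": "pbeWithSHAAnd128BitRC2-CBC",
    "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC",
}

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for byte in body:                      # base-128, high bit marks continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(buf):
    oids, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        if tag == 0x06:                    # OBJECT IDENTIFIER
            oids.append(decode_oid(body))
        elif tag & 0x20:                   # constructed: SEQUENCE, SET, [0] ...
            oids += collect_oids(body)
        elif tag == 0x04:                  # OCTET STRING: PKCS#12 nests DER inside these
            try:
                oids += collect_oids(body)
            except (ValueError, IndexError):
                pass                       # salt or ciphertext, not nested DER
    return oids

def legacy_algorithms(p12_bytes):
    return sorted({NEEDS_LEGACY[o] for o in collect_oids(p12_bytes) if o in NEEDS_LEGACY})

# Constructed fragments (not real key material): AlgorithmIdentifiers as found in a PFX.
OLD_STYLE = bytes.fromhex("3012a010040e300c060a2a864886f70d010c0106")  # 40-bit RC2
NEW_STYLE = bytes.fromhex("300b06092a864886f70d01050d")                # PBES2
```

Call `legacy_algorithms(open("mycert.p12", "rb").read())` on a real file; a non-empty result means the file declares a scheme that needs `-legacy` to read.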

You're welcome,
I think the developers wanted to wait until OpenSSL-3.x can be integrated into the IPFire environment to then use the OpenSSL defaults, so I don't think so.

Best,

Erik

A test build evaluation of OpenSSL-3.x was carried out, but then there were two or three version updates of OpenSSL-3.x with CVEs against them, while the OpenSSL-1.1.1x series meanwhile had no CVEs.

The IPFire developers decided they would wait for OpenSSL-3.x to have a proven track record of version updates without further CVEs before considering including it in the IPFire2.x production releases.

OpenSSL-1.1.1x is currently still being supported and has not yet been deprecated.

OpenSSL-3.x will not be in CU173.

4 Likes

For the record: OpenSSL-3.x now present in recently released CU177.

OpenSSL-3.1.1 was in Core Update 175.

https://blog.ipfire.org/post/ipfire-2-27-core-update-175-released

My bad. Mixed up with OpenSSL-1.x being removed in CU177.