Update openVPN certificates and deploy to devices #142

Closed
jellyfish-bot opened this issue Mar 7, 2022 · 2 comments

Comments

@jellyfish-bot

[fisehara] Basically the certificates are initialised during the openBalena quickstart command. But there is no way in openBalena to update those certificates on the devices themselves.

Temporary Solution:

  • Manually create new certificates before deploying them in the openBalena deployment.
  • Manually copy certificates on devices into /etc/openvpn certificates folder with existing VPN connection. Caution: Don't overwrite existing certs.
  • Deploy new certs to openBalena deployment.
@bartversluijs
Contributor

Any suggestions / commands to manually update the certificates?

@ab77
Contributor

ab77 commented Jul 8, 2024

CA generations:
https://github.com/balena-io/ca-private/blob/master/entry.sh#L29-L31

CA root 5y valid:
https://github.com/balena-io/ca-private/blob/master/entry.sh#L62

CA intermediate (server) 3y valid:
https://github.com/balena-io/ca-private/blob/master/entry.sh#L82

Cert valid:
https://github.com/balena-io/ca-private/blob/master/entry.sh#L23-L24

To "renew" VPN certs after ~13 months, delete everything under the /certs shared volume and restart the composition.

To create new roots after intermediate server expiry, increment CA gen. Same for root CA gen.

@ab77 ab77 closed this as completed Jul 8, 2024
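
An added example, not part of the thread or of the openBalena code: a shell function that reports which certificates in a directory will expire within a given number of days, so the renewal described above can be scheduled before the VPN certificates lapse. The `/certs` path comes from the thread; the `*.pem`/`*.crt` file naming, the function name `expiring_certs` and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list certificates that expire soon.
# Assumption: certificates are PEM files named *.pem or *.crt somewhere
# under the directory given as $1 (the thread names /certs as the volume).

# expiring_certs DIR [DAYS]
#   Prints "<path><TAB>expires <notAfter>" for every certificate under DIR
#   whose notAfter falls within DAYS days (default 30).
#   Returns 1 if at least one such certificate was found, 0 otherwise.
expiring_certs() {
    dir=$1
    secs=$(( ${2:-30} * 86400 ))
    report=$(find "$dir" -type f \( -name '*.pem' -o -name '*.crt' \) | sort |
        while IFS= read -r f; do
            # Skip files that do not parse as X.509 (private keys, DH params).
            openssl x509 -in "$f" -noout 2>/dev/null || continue
            # -checkend exits non-zero when the cert expires within $secs.
            if ! openssl x509 -in "$f" -noout -checkend "$secs" >/dev/null; then
                end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
                printf '%s\texpires %s\n' "$f" "$end"
            fi
        done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (e.g. from cron on the openBalena host):
#   expiring_certs /certs 30 || echo "renew certificates" >&2
```

Running the same function on a device against `/etc/openvpn` shows whether the copies there are also close to expiry.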