Simplify and orchestrate VPN networking and configuration tasks.
Joined: Sep 16, 2019 10:35 am

OpenVPN Server - client certificate duration

Post by JamesT »

Like the topic title says, I would like to ask a simple question.
What is the default client certificate duration that is created for every OpenVPN client and can it be changed in some configuration file?
From what I could find, OpenVPN Server 'main' certificate was generated with a 10 year period validity. Unfortunately I was not able to find similar information regarding client certificates.

Veeam Software
Joined: Jun 24, 2019 1:39 pm
Full Name: Chris Arceneaux
Location: Kentucky, USA

Re: OpenVPN Server - client certificate duration

Post by chris.arceneaux »

Hi James,

Default client certificate duration is for the full term of the root CA certificate (or 'main' certificate). As you saw, that certificate is 10 years. If you'd like clients to have a shorter validity period, you can make the following changes:
  • Edit /etc/veeampn/veeampn.cfg
  • Find the line below:

        Validity = 3650;

  • Change it to the value in days that you'd prefer:

        Validity = 365;

  • Restart VeeamPN to apply the change:

        service veeampn restart

After making this change, all new client certs generated will be for the validity period specified. I'll also add that I tested the above process with Veeam PN v2.1.

NOTE: By default, the Veeam PN appliance doesn't have a known text editor that I've found. I don't know what text editor you prefer but here's how to install Vim:

    sudo apt-get install vim

Note that if you leave sudo off, even though you're logged in as root, apt-get install commands will not work.
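
The steps in the reply above, as an added example that is not part of the original post or of Veeam's own tooling: a shell helper that backs up the config before rewriting the `Validity` line, and a check that reads the lifetime of an issued certificate. It assumes the setting appears exactly once in the form shown in the post, that `openssl` and GNU `date` are available, and `client.pem` is a placeholder for a client certificate you have exported.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.
# Assumption: the config holds exactly one line of the form "Validity = <days>;".

# set_validity CFG DAYS: back up CFG to CFG.bak, then rewrite the Validity line.
set_validity() {
    cfg=$1
    days=$2
    case $days in
        ''|*[!0-9]*|0*) echo "days must be a positive integer" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    pat='^[[:space:]]*Validity[[:space:]]*=[[:space:]]*[0-9][0-9]*;'
    count=$(grep -c "$pat" "$cfg") || true
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one Validity line in $cfg, found $count" >&2
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    # Write back into the existing file so its owner and mode are unchanged.
    sed "s/^\([[:space:]]*Validity[[:space:]]*=[[:space:]]*\)[0-9][0-9]*;/\1$days;/" \
        "$cfg.bak" > "$cfg"
}

# cert_validity_days PEM: print the certificate lifetime in whole days.
cert_validity_days() {
    start=$(openssl x509 -noout -startdate -in "$1" | cut -d= -f2)
    end=$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2)
    [ -n "$start" ] && [ -n "$end" ] || return 1
    # Assumes GNU date, which parses openssl's "Mon DD HH:MM:SS YYYY GMT" format.
    echo $(( ($(date -d "$end" +%s) - $(date -d "$start" +%s)) / 86400 ))
}

# Usage (config path and restart command are from the post; client.pem is a placeholder):
#   set_validity /etc/veeampn/veeampn.cfg 365 && service veeampn restart
#   cert_validity_days client.pem
```

As the reply says, only certificates generated after the restart get the new period, so run the check against a newly issued client certificate.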
