→ Applies to: SynetoOS 4.x

Step 1. Connect to SynetoOS appliance via SSH as admin

ssh admin@<your_ip_address_or_hostname>

 Step 2. Navigate to OpenVPN directory

cd /etc/openvpn

Step 3. List file and look for the server certificate (in the format server_<random-chars>.crt)

ls -la

Step 4. Check certificate validity (replace <your_certificate> with the correct certificate file name)

openssl x509 -in <your_certificate> -dates -noout

The notBefore and notAfter dates indicate the certificate's validity period

Step 5 (optional). If the certificate is expired or is about to expire, backup the existing certificate files by renaming them (replace <your_server> with the correct server name)

mv /etc/openvpn/easy-rsa/pki/reqs/<your_server>.req <your_server>.req.backup 
mv /etc/openvpn/easy-rsa/pki/private/<your_server>.key <your_server>.key.backup 
mv /etc/openvpn/easy-rsa/pki/issued/<your_server>.crt <your_server>.crt.backup 
mv /etc/openvpn/<your_server>.crt <your_server>.crt.backup 
mv /etc/openvpn/<your_server>.key <your_server>.key.backup

Step 6. Generate a new certificate (replace <your_certificate> with the correct certificate file name)

cd /etc/openvpn/easy-rsa

./easyrsa build-server-full <your_server> nopass

Step 7. Move the new certificate and key to OpenVPN directory

cp /etc/openvpn/easy-rsa/pki/issued/server_xyzblablabla.crt /etc/openvpn

cp /etc/openvpn/easy-rsa/pki/private/server_xyzblablabla.key /etc/openvpn

Step 8. Restart OpenVPN service

svcadm restart openvpn-server@server.service