
CA Certificate expiration date

Do you use X.509 certificates for VPN connections, and are you a loyal user of Astaro Security Gateway?
Maybe you should check the expiration date of your CA (Certificate Authority) certificate, because it has a lifetime of "just" 4 years.

If you use X.509 certificates for VPN connections and imported your configuration from a V5 installation, you should check the expiration date of your CA (Certificate Authority) certificates.

Please log in to WebAdmin, go to IPSec VPN >> CA Management and hover over the blue "i" of the Verification CA.
You will see something like this:
[Image: CA_cert_exp.gif]

The Expires entry shows when your VPN connections using X.509 certificates signed by this CA will be dropped because the CA certificate has expired.
And they will be dropped to the minute, I tested it today :-)

Another good indicator for an expired Certificate Authority Certificate is a red error message "No verification CA !" for your host certificate:
[Image: host_cert_exp.gif]

Be prepared and generate a new Certificate Authority Certificate under IPSec VPN >> CA Management and sign your host certificate before the expiration date. The online help of ASG will guide you with a Basic Step-by-Step Setup paragraph.
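
The same two checks described above (when does the CA certificate expire, and does the host certificate still verify against it) can also be run from a shell with the openssl CLI. This is an added example, not part of the original post or of ASG itself; it assumes the CA and host certificates are available as PEM files, and the function names and the demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the CA and host certificates are available as PEM files.

# Print OK, WARN, EXPIRED or UNREADABLE for the certificate in $1.
# $2 is the warning window in days (default 90).
ca_expiry_status() {
    pem=$1; warn_days=${2:-90}
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo UNREADABLE; return 3; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    elif ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo WARN; return 1
    fi
    echo OK
}

# Succeed only if host certificate $2 chains to CA certificate $1 and both are
# inside their validity period (an expired CA makes this fail).
host_verifies() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build a constructed CA (1460 days, i.e. 4 years) and one host certificate in $1.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1460 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-host.example" \
        -keyout "$dir/host.key" -out "$dir/host.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -out "$dir/host.pem" >/dev/null 2>&1
}

# Demo on the constructed PKI; point the functions at exported files instead.
demo_dir=$(mktemp -d)
if make_demo_pki "$demo_dir"; then
    openssl x509 -in "$demo_dir/ca.pem" -noout -enddate
    echo "CA status: $(ca_expiry_status "$demo_dir/ca.pem" 90)"
    host_verifies "$demo_dir/ca.pem" "$demo_dir/host.pem" && echo "host certificate verifies"
fi
rm -rf "$demo_dir"
```

The return codes of `ca_expiry_status` (0 OK, 1 WARN, 2 EXPIRED, 3 UNREADABLE) make it usable from a scheduled job that alerts well before the expiry date.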

Is this a bug? Is this irritating?
No, it's a security feature! Four years is a very long time - usually nobody will run (or should run) a security device for this long without a major release change. Maybe you did, because we have always offered you a seamless upgrade path from major version to major version (btw. without any extra costs), and your configuration, including the certificates, moved from release to release. So this is your chance to clean things up, to rethink your VPN setup and to wonder who these people are who are asking for a new certificate because the VPN connection is broken...
Maybe it's also a good reason to increase the key size of the Certificate Authority, you never know.
