VPN Certificate Issue

@alefattorini
Yeah, it was by checking the dates of the various files that I was able to backtrack the sequence of what happened as I started to build the server and then put off replacing Zentyal until I had some time on my hands:

[root@NethServer ~]# ls -lrt /var/lib/nethserver/certs/
total 88
-rw-r--r--. 1 root   root    3 Jul 17 16:45 crlnumber.old
-rw-r--r--. 1 root   root  245 Jul 17 16:45 dh1024.pem
-rw-r--r--. 1 root   root    3 Jul 17 16:45 crlnumber
-rw-r--r--. 1 root   root  735 Jul 17 16:45 crl.pem
-rw-r-----. 1 root   adm  1704 Jul 18 15:20 eddie.key
-rw-r--r--. 1 root   root 1070 Jul 18 15:20 eddie.csr
-rw-r--r--. 1 root   root    3 Jul 18 15:20 serial.old
-rw-r--r--. 1 root   root 1541 Jul 18 15:20 eddie.crt
-rw-r--r--. 1 root   root  133 Jul 18 15:20 certindex.old
-rw-r--r--. 1 root   root   21 Jul 18 15:20 certindex.attr.old
-rw-r--r--. 1 root   root 1541 Jul 18 15:20 01.pem
-rw-r--r--. 1 root   root 3832 Jul 18 15:20 eddie.p12
drwxr-----. 2 srvmgr adm  4096 Sep 29 06:40 clients
-rw-r--r--. 1 root   root 1559 Sep 29 06:40 ca.cnf
-rw-r-----. 1 root   adm  1708 Dec 26 15:40 testvpn.key
-rw-r--r--. 1 root   root 1094 Dec 26 15:40 testvpn.csr
-rw-r--r--. 1 root   root 1619 Dec 26 15:40 testvpn.crt
-rw-r--r--. 1 root   root    3 Dec 26 15:40 serial
-rw-r--r--. 1 root   root   21 Dec 26 15:40 certindex.attr
-rw-r--r--. 1 root   root  283 Dec 26 15:40 certindex
-rw-r--r--. 1 root   root 1619 Dec 26 15:40 02.pem
-rw-r--r--. 1 root   root 3980 Dec 26 15:40 testvpn.p12
[root@NethServer ~]# ls -lrt /etc/pki/tls/certs
 total 1932
-rw-r--r--. 1 root root 1066943 Apr 23  2015 ca-bundle.trust.crt
-rw-r--r--. 1 root root  877042 Apr 23  2015 ca-bundle.crt
-rw-r--r--. 1 root root    1574 Jul 18 20:20 NSRV.crt
-rw-------. 1 root root    1575 Jul 18 20:20 localhost.crt
-rw-------. 1 root root    1575 Jul 18 20:20 httpd-admin.crt
-rw-r-----. 1 root ldap    3283 Jul 18 20:20 slapd.pem
-rwxr-xr-x. 1 root root     829 Dec 13 21:16 renew-dummy-cert
-rw-r--r--. 1 root root    2242 Dec 13 21:16 Makefile
-rwxr-xr-x. 1 root root     610 Dec 13 21:16 make-dummy-cert
[root@NethServer ~]# ls -lrt /etc/pki/tls/private/
total 12
-rw-------. 1 root root 1708 Jul 17 16:20 NSRV.key
-rw-------. 1 root root 1708 Jul 17 16:20 httpd-admin.key
-rw-------. 1 root root 1708 Jul 17 16:45 localhost.key
[root@NethServer ~]#

Jul 17 was probably the date that I built the server and you can see that some of the files are still from that date.

eddie is the VPN user that I originally created on Jul 18. Subsequently, the main certificate was re-generated some 5 hours later on the same day. This is the user that raised the errors shown in the original post, even after re-exporting the key bundles.

testvpn is the VPN user I created to confirm what I thought the issue was, and is the one I'm using currently to connect.

I'll leave it to the developers are to how they classify this.

@Nas
STR ?? I'm not sure what you're requesting.

Cheers.