386.4 OpenVPN Certs now use SHA1

[Preskitt.man]

Why the reversion in 386.4 to use SHA1 hash instead of SHA256. Shown as a fix. Seems like a regression.

 

[octopus]

Why the reversion in 386.4 to use SHA1 hash instead of SHA256. Shown as a fix. Seems like a regression.

- FIXED: Generated OpenVPN certs used SHA1 signatures
instead of SHA256 (regression from 386.1)

 

[Zastoff]

Solved - OpenVPN server issue

Updated the VPN-client on my android phone today (OpenVPN for Android by Arne Schwabe) Now when i try to connect to the vpn-server on my AX-88u i get the following 2021-10-05 15:28:54 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.25-0-g4a9cbd88] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]...

www.snbforums.com

If a user reset their router or set OpenVPN servers to defaults between 386.1 and 386.4_alpha1 firmware it would have used SHA1 certs instead.
It got fixed in 386.4_alpha2 firmware (see edit:3 from the post on the issue)

 

[L&LD]

You're reading it wrong @Preskitt.man.

 

[explorer200]

How do we update our current OVPN server certs on Merlin 386.4 to use SHA256?

 

[octopus]

How do we update our OVPN server certs on Merlin to use SHA256 ?

Did you ever read answer?

 

[explorer200]

Did you ever read answer?

I've updated my firmware but the certs haven't changed. Can I force a refresh somehow?

 

[Zastoff]

How do we update our current OVPN server certs on Merlin 386.4 to use SHA256?

Edit3: From 386.4_alpha2 and forward this is fixed, VPN-Servers need to be set to default and reconfigured to get the new cert and keys.

 

[RMerlin]

I've updated my firmware but the certs haven't changed. Can I force a refresh somehow?

You would have to delete your configuration and regenerate it.

 

[explorer200]

You would have to delete your configuration and regenerate it.

That totally makes sense.
Done!

Worked perfectly