I have a QNAP model TVS-871U-RP with QTS operating system version 4.3.4.0695 on which the Open VPN service is installed. I distributed the certificate to the various VPN clients and until 12/02/2026 it worked perfectly. Now it tells me that the certificate has expired and the clients can no longer connect. How can I renew the certificate and restore access to the clients? Could you help me? Thanks.
Hi @Mario1 ,
Thank you for reaching out regarding the OpenVPN certificate renewal on your QNAP NAS.
To ensure your network security and connection stability are properly addressed, we have scheduled a formal review of this case for this coming Monday. We kindly invite you to open a support ticket through our Service Portal in the meantime: https://service.qnap.com/
Providing your system details through a formal ticket will allow our technical team to offer the most accurate guidance during our Monday session. We sincerely appreciate your patience and cooperation.
Are you using OpenVPN in the QVPN service?
if yes try login the NAS using SSH, and run command below:
export VPN_EASY_RSA="/etc/openvpn/easy-rsa"
export VPN_KEY_PATH="/etc/openvpn/keys"
export EASY_RSA="${VPN_EASY_RSA}"
export OPENSSL="/usr/bin/openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="/bin/grep"
export KEY_CONFIG=$(${VPN_EASY_RSA}/whichopensslcnf ${VPN_EASY_RSA})
export KEY_DIR="${VPN_KEY_PATH}"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="TW"
export KEY_PROVINCE="Taiwan"
export KEY_CITY="Taipei"
export KEY_ORG="QNAP Systems Inc."
export KEY_EMAIL="admin@qnap.com"
export KEY_CN="TS Series NAS"
export KEY_NAME="NAS"
export KEY_OU="NAS"
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
/etc/openvpn/easy-rsa/clean-all
/etc/openvpn/easy-rsa/build-dh
/etc/openvpn/easy-rsa/pkitool --initca
/etc/openvpn/easy-rsa/pkitool --server myserver
Ref: