OpenVPN Server Becomes Unresponsive After Certificate Change in Kerio Control 9.5

Overview

In Kerio Control version 9.5, a critical issue has been identified that can cause the OpenVPN server to become unresponsive following a change in its certificate configuration. After this occurs, all incoming OpenVPN client connections time out without any clear error messages in the logs. Additionally, attempts to download the OpenVPN configuration result in empty (0KB) files. Debug logs may show a "Failed to load local CA certificate" message when exporting a profile, indicating a failure in the certificate loading process.

Solution

To resolve the issue and restore OpenVPN server functionality:

1. Access the OpenVPN Configuration Settings:

   • Navigate to the OpenVPN configuration section within the Kerio Control administrative interface.

2. Reset Certificate Settings:

   • Set both the Certificate Authority and Server Certificate options to "Use Default".

3. Let OpenVPN Auto-Select Default Certificates:

   • With these settings applied, OpenVPN will automatically attempt to locate suitable default certificates.

   • By default, it will use:

     • Certificate Authority: OpenVPN Local Authority

     • Server Certificate: OpenVPN Server Certificate

This workaround re-enables OpenVPN operations without requiring manual certificate uploads or extensive debugging.

This issue has been reported to the development team and will be addressed in a future release.