I am experiencing the following error and can't start the OpenVPN service. I have tried completely removing my internal CA Cert, recreating it, and re-creating the OpenVPN server using the wizard. It still results in this error.
Does anyone have any idea what I might be doing wrong? Appreciate the help.
Feb 20 17:12:37 openvpn[11960]: Exiting due to fatal error
Feb 20 17:12:37 openvpn[11960]: Cannot load certificate file /var/etc/openvpn/server1.cert: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Feb 20 17:12:37 openvpn[11960]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 20 17:12:37 openvpn[11674]: library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.09
Feb 20 17:12:37 openvpn[11674]: OpenVPN 2.3.10 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 19 2016
Feb 20 17:12:26
Hi rrspyder,
First of all: please upgrade, you're running a vulnerable version of OpenSSL. :)
Secondly, the wizard had a bug that prevented creating a proper certificate[1]. The fix is to upgrade to the latest 16.1 and go through the wizard again. Sorry about that.
Cheers,
Franco
[1] https://github.com/opnsense/core/commit/5dba1153edef425b6b9a1db1e31b872aa0adfe50
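An added example, not part of the original thread or of OPNsense's code: a small Python check that classifies why a file such as the `server1.cert` in the log above would fail to load as a PEM certificate. The function name and the sample inputs are constructed for illustration, and the check only looks at PEM framing and the outer DER tag; it does not parse X.509.

```python
import base64
import re
import sys

# One PEM block: BEGIN line, base64 body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def diagnose_cert_pem(text):
    """Return a short reason why `text` would or would not load as a PEM certificate."""
    if not text.strip():
        return "empty file"
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        # The condition OpenSSL reports as "PEM_read_bio:no start line".
        return "no start line"
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        # OpenSSL skips blocks of other types, so it also ends in "no start line".
        found = ", ".join(label for label, _ in blocks)
        return "no CERTIFICATE block (found: " + found + ")"
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        return "bad base64"
    # A certificate is a DER SEQUENCE, so its first byte must be 0x30.
    return "ok" if der.startswith(b"\x30") else "not DER"


def constructed_samples():
    """Constructed inputs: a minimal DER SEQUENCE stands in for a real certificate."""
    b64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
    return {
        "empty": "",
        "garbage": "not a certificate\n",
        "key_only": "-----BEGIN PRIVATE KEY-----\n" + b64 + "\n-----END PRIVATE KEY-----\n",
        "bad_b64": "-----BEGIN CERTIFICATE-----\n!!!!\n-----END CERTIFICATE-----\n",
        "good": "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n",
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python3 check.py /var/etc/openvpn/server1.cert
        with open(sys.argv[1], errors="replace") as fh:
            print(diagnose_cert_pem(fh.read()))
    else:
        for name, sample in constructed_samples().items():
            print(name, "->", diagnose_cert_pem(sample))
```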