OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: aribird on August 26, 2020, 11:01:16 pm

Title: ERROR: self signed certificate in certificate chain. Unable to connect!! HELP!
Post by: aribird on August 26, 2020, 11:01:16 pm
I apologize if this is a topic already covered. I followed some threads with no luck.

My CA and server certificate expired and OpenVPN could not connect me to my VPN RADIUS server anymore.

I followed threads here https://forum.opnsense.org/index.php?topic=4201.0
and here
 https://forum.opnsense.org/English_Forums/General_Discussion/(OBE)_Certificate_Expiration_-_Alternatives_to_Starting_Over

I created a new internal CA, generated a new server cert, edited the OpenVPN server config to use them and restarted the OpenVPN services.
However, it does not like the fact that it is self-signed and I get the following error:

VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=Florida, L=Lake Worth, O=Palm Beach StateCollege, emailAddress=contrea1@palmbeachstate.edu, CN=VPN-CA

 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
 TLS_ERROR: BIO read tls_read_plaintext error
 TLS Error: TLS object -> incoming plaintext read error
 TLS Error: TLS handshake failed

Anyone seen this?? Any help will be greatly appreciated!
Title: Re: ERROR: self signed certificate in certificate chain. Unable to connect!! HELP!
Post by: fabian on August 27, 2020, 11:11:59 pm
You need to update the CA and replace the client certificate as well unless both share one root certificate which I don't think is the case.
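
The mismatch described in this thread can be reproduced offline with the `openssl` CLI. The following is an added example, not part of the original posts: it builds two throwaway internal CAs and checks each side's trust against the other's certificate. All file names and CNs are constructed; verify error 19 is the code behind "self signed certificate in certificate chain".

```shell
#!/bin/sh
# Constructed demo: every CA, certificate and name below is made up and
# generated in a temporary directory; nothing here comes from the thread.
W=$(mktemp -d)

make_ca() {      # $1 = file basename, $2 = CN of a self-signed internal CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {   # $1 = cert basename, $2 = issuing CA basename, $3 = CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null
}

# $1 = CA file the verifying side trusts, $2 = CA cert the peer sends along,
# $3 = peer certificate. Prints "ok" or the OpenSSL verify error number.
check() {
    out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1) \
        && { echo ok; return 0; }
    echo "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1
}

make_ca "$W/old_ca" "Old-VPN-CA"     # CA the existing clients were built with
make_ca "$W/new_ca" "New-VPN-CA"     # replacement CA now used by the server
issue_cert "$W/server"     "$W/new_ca" "vpn-server"
issue_cert "$W/client_old" "$W/old_ca" "vpn-client"
issue_cert "$W/client_new" "$W/new_ca" "vpn-client"

# Client side: which CA file does the client config carry?
echo "client trusts old CA: $(check "$W/old_ca.crt" "$W/new_ca.crt" "$W/server.crt")"
echo "client trusts new CA: $(check "$W/new_ca.crt" "$W/new_ca.crt" "$W/server.crt")"
# Server side: the server now trusts only the new CA.
echo "old client cert     : $(check "$W/new_ca.crt" "$W/old_ca.crt" "$W/client_old.crt")"
echo "new client cert     : $(check "$W/new_ca.crt" "$W/new_ca.crt" "$W/client_new.crt")"
```

Only the two rows where both the trusted CA file and the peer certificate come from the new CA print `ok`, which is why the client needs both the new CA and a reissued certificate.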