OpenVPN - does anyone have "NEW" working?

[nonsubscriber]

Hello. Legacy setup works fine but after multiple times following the documentation I cannot get this working.

Thanks for any help!

I get:


Wed Jan 15 15:57:17 2025 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: C=CA, CN=opnsense_ovpn_server, serial=6
Wed Jan 15 15:57:17 2025 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
Wed Jan 15 15:57:17 2025 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 15 15:57:17 2025 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 15 15:57:17 2025 TLS Error: TLS handshake failed
Wed Jan 15 15:57:17 2025 Fatal TLS error (check_tls_errors_co), restarting

[Patrick M. Hausen]

Are you trying to use a client certificate as a server cert or vice versa?

[nonsubscriber]

Are you trying to use a client certificate as a server cert or vice versa?

Thanks I've tried generating both a server cert (CA signed,) and a combined one. The error is the same both ways. I have created a cert for the user.

[nonsubscriber]

Are you trying to use a client certificate as a server cert or vice versa?

Are you trying to use a client certificate as a server cert or vice versa?

Thanks I've tried generating both a server cert (CA signed,) and a combined one. The error is the same both ways. I have created a cert for the user.

Geeez I re-did the cert again so I must have missed something, works now. Thanks for steering me in the right direction!