Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
OpenVPN error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Read 4053 times)
blackhiden
Newbie
Posts: 2
Karma: 0
OpenVPN error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
«
on:
February 02, 2019, 09:36:16 am »
Hello,
I'm new guy on OPNsense. Last night, I configured OpenVPN server on OPNsense.
Here my specification -
name: openvpn_server
server mode: remote access (ssl/tls user auth)
backend auth: local database
proto: UDP
iface: WAN
dev mode: tun
port: 1194
tls auth: no
dh: 2048
ca: ca
server cert: server (2048, SHA1)
encription algo: AES - 128 -CBC
digest algo: SHA1 (160 bit)
cert depth: one (client + server)
ip tun: 10.0.8.0/24
compression: no
ipv6: no
verb: 3
client specification:
digest algo: sha1
ca: ca
client cert: client (2048, sha1)
===openvpn config file===
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote server.com udp
verify-x509-name "ovpn-server" name
auth-user-pass
verb 3
when I connected to server, I see log SSL3_GET_SERVER_CERTIFICATE:certificate verify failed and OpenVPN disconnected.
I tried to delete and create. but still same.
Any idea?
Thank you.
God bless.
Logged
blackhiden
Newbie
Posts: 2
Karma: 0
Re: OpenVPN error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
«
Reply #1 on:
February 02, 2019, 10:25:51 am »
since I can login to shell, here my configuration file (server):
dev ovpns1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local (my public ip)
client-disconnect "/usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh server1"
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'server' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.2048.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo no
persist-remote-ip
float
topology subnet
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: OpenVPN error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
«
Reply #2 on:
February 04, 2019, 12:03:09 pm »
Hi,
There seems to be a mismatch between the expected certificate and the given one, or chain is incomplete, or... there's no way to tell from the config.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
OpenVPN error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed