Page 1 of 1
Re: warning: No server certificate verification method enabl
Posted: Tue Aug 12, 2014 2:01 pm
by eng.mohamed8866
DID you find a solution for it ?
Re: warning: No server certificate verification method enabl
Posted: Thu Aug 21, 2014 5:47 am
by thisjun
Could you update the server to latest version and re-generate server certificate?
Re: warning: No server certificate verification method enabl
Posted: Thu Jul 16, 2015 6:13 am
by thisjun
Could you connect to the sever with configuration which is generated by SoftEther?
Re: warning: No server certificate verification method enabl
Posted: Sun Mar 19, 2017 5:20 am
by Decentralized Swag
This problem still exists today.
Can we have some kind of solution?
Can you confirm that this is simply an error in Softether (in which case we know we have to wait for the fix in the sources), or is this due to some kind of misconfiguration?
I have the exact same problem definition as the original topic starter.
To answer your question, YES, the client does connect with the .ovpn file generated by the Softether server. When it connects, the warning "warning: No server certificate verification method enabled" is displayed.
However, if we then add the settings mentioned above to the client config, we get those errors instead and the client does not connect.
Re: warning: No server certificate verification method enabl
Posted: Sun Mar 19, 2017 11:53 pm
by Decentralized Swag
Found a solution even though this is definitely a bug in SoftEther.
You guys should fix this.
Workaround:
As per
https://www.v13.gr/blog/?p=386,
if you put
remote-cert-tls server
remote-cert-ku f6
into the client OpenVPN config, it kinda works.
The problem here is that OpenVPN expects this special field in the certificate structure (ku) to be set to a certain value. This value is usually used for certificates that are to be used for VPN servers. It makes sense to check this, because if the field is not correct, it is possible that some client (not a VPN server), has gotten a certificate from the same certificate authority that the VPN server itself, and is trying to impersonate the server.
The provided workaround tells OpenVPN not to expect the field to be set correctly, and instead accept the value f6, which is what SoftEther puts in it's own generated certificates.
Re: warning: No server certificate verification method enabl
Posted: Fri Apr 07, 2017 9:06 am
by cedar
In my environment, that error did not reproduce.
What type of OpenVPN shows KU error?
Is it a fatal error, not a warning?
Re: warning: No server certificate verification method enabl
Posted: Fri Apr 28, 2017 7:56 am
by cedar
I think I can fix it.
Please tell me about the problematic environment.
What version of OpenVPN do you use?
It seems that latest version of OpenVPN (openvpn-install-2.4.1-I601.exe) can connect without problem.