Hi i have problems with certficates
i try make a certificate make for me but....
i try login log:
Thu May 22 14:03:59 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu May 22 14:03:59 2014 Re-using SSL/TLS context
Thu May 22 14:03:59 2014 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May 22 14:03:59 2014 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Thu May 22 14:03:59 2014 Local Options hash (VER=V4): '8326dbaa'
Thu May 22 14:03:59 2014 Expected Remote Options hash (VER=V4): 'b7f67de4'
Thu May 22 14:03:59 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu May 22 14:03:59 2014 UDPv4 link local: [undef]
Thu May 22 14:03:59 2014 UDPv4 link remote: 191.96.x.x:x
Thu May 22 14:03:59 2014 TLS: Initial packet from 191.96.x.x:x, sid=9c59cd4b db0dc5d0
Thu May 22 14:03:59 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu May 22 14:03:59 2014 VERIFY ERROR: depth=0, error=self signed certificate: /CN=ale2014.softether.net/O=a@gmail.com/OU=ou/C=CL/ST=ALE/L=ALE
Thu May 22 14:03:59 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu May 22 14:03:59 2014 TLS Error: TLS object -> incoming plaintext read error
Thu May 22 14:03:59 2014 TLS Error: TLS handshake failed
Thu May 22 14:03:59 2014 TCP/UDP: Closing socket
Thu May 22 14:03:59 2014 SIGUSR1[soft,tls-error] received, process restarting
Thu May 22 14:03:59 2014 Restart pause, 2 second(s)
Thu May 22 14:04:01 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
how fix this problme ?
i new user in softether
thanks.
CERTIFICATE CLONE OPENVPN
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: CERTIFICATE CLONE OPENVPN
I think you use certificate which is generated by wrong maybe.
Please see https://forums.openvpn.net/topic12623.html
It's look like same problem as you.(I don't know your problem is same as this link)
Please see https://forums.openvpn.net/topic12623.html
It's look like same problem as you.(I don't know your problem is same as this link)
-
dnobori
- Posts: 228
- Joined: Tue Mar 05, 2013 10:04 am
Re: CERTIFICATE CLONE OPENVPN
We released SoftEther VPN 4.07 Build 9448 (June 6, 2014).
http://www.softether.org/5-download/history
The problem with OpenVPN Connect for Android 1.1.14 has been fixed. In the previous versions, OpenVPN Connect for Android 1.1.14 reports "PolarSSL Error" when it connects to the SoftEther VPN Server, if the server SSL certificate is self-signed root certificate. This X.509 certificate parsing problem is OpenVPN Connect's bug, however we performed work around for this OpenVPN Connect's bug. Please mind that you need to regenerate your self-signed root certificate in order to comply with OpenVPN Connect at once after upgrading the VPN Server to this version. To regenerate the certificate, use the GUI tool on VPN Server Manager, or execute the "ServerCertRegenerate" command on vpncmd.
The automated root certificate and intermediate certificates downloading function has been implemented. It is very helpful when you use a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. In previous versions, you had to install the root certificate and intermediate certificates manually into the "chain_certs" directory. On this version, you do not need any longer to do such a manual installation of chained certs.
The OpenVPN configuration file generating function identifies the root certificate correctly, in order to embed it as the "<ca>" inline directive in the auto-generated OpenVPN configuration file. It is very helpful if you are using a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. (In previous versions, you had to perform the editing task for the OpenVPN configuration file manually.)
http://www.softether.org/5-download/history
The problem with OpenVPN Connect for Android 1.1.14 has been fixed. In the previous versions, OpenVPN Connect for Android 1.1.14 reports "PolarSSL Error" when it connects to the SoftEther VPN Server, if the server SSL certificate is self-signed root certificate. This X.509 certificate parsing problem is OpenVPN Connect's bug, however we performed work around for this OpenVPN Connect's bug. Please mind that you need to regenerate your self-signed root certificate in order to comply with OpenVPN Connect at once after upgrading the VPN Server to this version. To regenerate the certificate, use the GUI tool on VPN Server Manager, or execute the "ServerCertRegenerate" command on vpncmd.
The automated root certificate and intermediate certificates downloading function has been implemented. It is very helpful when you use a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. In previous versions, you had to install the root certificate and intermediate certificates manually into the "chain_certs" directory. On this version, you do not need any longer to do such a manual installation of chained certs.
The OpenVPN configuration file generating function identifies the root certificate correctly, in order to embed it as the "<ca>" inline directive in the auto-generated OpenVPN configuration file. It is very helpful if you are using a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. (In previous versions, you had to perform the editing task for the OpenVPN configuration file manually.)