OpenVPN Server Server Certificate Verification Failed

willrs
Posts: 3
Joined: Mon Jan 06, 2014 6:30 pm

OpenVPN Server Server Certificate Verification Failed

Post by willrs » Fri May 23, 2014 8:12 pm

I am getting an error trying to connect to my SoftEther VPN Server from my Android phone:

OpenVPN Server certificate verification failed: PolarSSL: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed

Any ideas?

Thanks

JellyVPN
Posts: 44
Joined: Sun May 25, 2014 3:37 pm

Re: OpenVPN Server Server Certificate Verification Failed

Post by JellyVPN » Sun May 25, 2014 3:42 pm

I have the same problem too.
I installed a signed certificate from RapidSSL correctly, but when I generated the OpenVPN sample configuration, it gives some error: OpenVPN Server certificate verification failed: PolarSSL: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
But when I install the default certificate on SoftEther, OpenVPN Connect 1.1.3 on Android works fine, and OpenVPN 1.1.4 gives some error too. But I need a signed certificate because OpenVPN and SSTP need a valid certificate.
Please help me solve this.
#1 Security, Speed, and customer service ;)
JellyVPN - https://jellyvpn.com

JellyVPN
Posts: 44
Joined: Sun May 25, 2014 3:37 pm

Re: OpenVPN Server Server Certificate Verification Failed

Post by JellyVPN » Tue May 27, 2014 1:28 pm

It did not work with this program either.
The problem is with SoftEther, I think. SoftEther must update and fix this bug.
#1 Security, Speed, and customer service ;)
JellyVPN - https://jellyvpn.com

willrs
Posts: 3
Joined: Mon Jan 06, 2014 6:30 pm

Re: OpenVPN Server Server Certificate Verification Failed

Post by willrs » Fri May 30, 2014 9:18 pm

I don't think it's a bug per se. I downgraded to OpenVPN for Android version .12 and it is working fine. Now if they changed something in the code base, then yes, SoftEther needs to make the change. But this is not a bug they created.

JellyVPN
Posts: 44
Joined: Sun May 25, 2014 3:37 pm

Re: OpenVPN Server Server Certificate Verification Failed

Post by JellyVPN » Sun Jun 01, 2014 9:51 pm

So what's the problem?
It connects perfectly with the server's default certificate, but when I install the signed certificate from RapidSSL, I get the PolarSSL error. I attached two pictures and tested OpenVPN Connect and OpenVPN for Android; see the error and tell me how to fix it.
I have placed the OpenVPN config below. If you can help me, please help me.
PLEASE SOMEONE HELP ME

OpenVPN Config:
###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
#
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
#
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
#
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
#
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
#
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
# specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
# specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
#
# Specify either 'proto tcp' or 'proto udp'.

proto udp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
#
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
#
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
#
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
#
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote www.Mobi.JellyVPN.com 1194


###############################################################################
# The HTTP/HTTPS proxy setting.
#
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
#
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
#
# The supported algorithms are as follows:
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
# RC2-40-CBC RC2-64-CBC RC2-CBC
# auth: SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1

###############################################################################
# Other parameters necessary to connect to the VPN Server.
#
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
#
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</ca>


###############################################################################
# The client certificate file (dummy).
#
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

</key>
#1 Security, Speed, and customer service ;)
JellyVPN - https://jellyvpn.com

dnobori
Posts: 228
Joined: Tue Mar 05, 2013 10:04 am

Re: OpenVPN Server Server Certificate Verification Failed

Post by dnobori » Mon Jun 02, 2014 6:43 am

If your VPN server uses RapidSSL's server certificate, you have to do the following things:

1. Place the root certificate and the intermediate certificate in the "chain_certs" directory.
2. The .ovpn configuration file must have the following <ca></ca> directive to specify the root certificate for RapidSSL.

<ca>
-----BEGIN CERTIFICATE-----
[certificate body not preserved]
-----END CERTIFICATE-----
</ca>

The .ovpn file must have only a single <ca> directive, as above.
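
The two conditions in the reply above (a single <ca> block, and a root certificate inside it) can be checked before a profile is handed to a client. This is an added example, not part of the original thread or SoftEther's code; it treats "issuer equals subject" as a heuristic for "root", does not verify signatures, and the sample profiles it builds are constructed DER skeletons, not real certificates.

```python
import base64
import re

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def issuer_subject(der):
    """Raw DER of the issuer and subject Names of an X.509 certificate."""
    _, off, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, off, _ = _tlv(der, off)              # TBSCertificate SEQUENCE
    fields = []                             # serial, sigalg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, off)
        if tag != 0xA0:                     # skip the optional [0] version
            fields.append(der[off:end])
        off = end
    return fields[2], fields[4]

def lint_ovpn(text):
    """Check for exactly one <ca> block whose certificate looks like a root."""
    findings = []
    blocks = re.findall(r"<ca>(.*?)</ca>", text, re.S)
    if len(blocks) != 1:
        findings.append(f"expected one <ca> block, found {len(blocks)}")
    for block in blocks:
        for body in PEM.findall(block):
            issuer, subject = issuer_subject(base64.b64decode(body))
            if issuer != subject:           # heuristic: a root is self-issued
                findings.append("<ca> certificate is not self-issued (not a root)")
    return findings

# Constructed sample input: DER skeletons, not real certificates.
def _der(tag, *parts):                      # short-form length only (< 128 bytes)
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_pem(issuer, subject):
    names = [_der(0x30, _der(0x0C, s.encode())) for s in (issuer, subject)]
    tbs = _der(0x30, _der(0x02, b"\x01"), _der(0x30), names[0], _der(0x30), names[1])
    b64 = base64.b64encode(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def sample_ovpn(issuer, subject):
    return f"dev tun\nproto udp\n<ca>\n{sample_pem(issuer, subject)}</ca>\n"
```

Calling lint_ovpn on the text of a profile returns a list of findings; an empty list means both conditions hold. A self-signed server certificate in <ca> also passes, which matches the thread's report that the default certificate works.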

JellyVPN
Posts: 44
Joined: Sun May 25, 2014 3:37 pm

Re: OpenVPN Server Server Certificate Verification Failed

Post by JellyVPN » Mon Jun 02, 2014 10:30 pm

The problem is solved. To install the certs correctly, they must be renamed to 1. First, 2. Second.
Thanks dnobori. I installed this chain, and the server and OpenVPN are correctly installed; now everything is perfect. If someone can't install it, the chain must be inserted in the .ovpn for it to work; if the chain is not inserted, it does not work. Thanks for helping me.
I hope this is helpful.
#1 Security, Speed, and customer service ;)
JellyVPN - https://jellyvpn.com
