Openvpn Error

[cisco]

Hi
we have problem when I connected by openvpn on android phone I got this error

"OpenVPN Server certificate verification failed: PolarSSL: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"

any idea for resolving this problem?
please

[dnobori]

You have to put intermediate certificates and the root certificate on the "chain_certs" directory on your VPN Server program.

[dnobori]

We released SoftEther VPN 4.07 Build 9448 (June 6, 2014).

http://www.softether.org/5-download/history

The problem with OpenVPN Connect for Android 1.1.14 has been fixed. In the previous versions, OpenVPN Connect for Android 1.1.14 reports "PolarSSL Error" when it connects to the SoftEther VPN Server, if the server SSL certificate is self-signed root certificate. This X.509 certificate parsing problem is OpenVPN Connect's bug, however we performed work around for this OpenVPN Connect's bug. Please mind that you need to regenerate your self-signed root certificate in order to comply with OpenVPN Connect at once after upgrading the VPN Server to this version. To regenerate the certificate, use the GUI tool on VPN Server Manager, or execute the "ServerCertRegenerate" command on vpncmd.



The automated root certificate and intermediate certificates downloading function has been implemented. It is very helpful when you use a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. In previous versions, you had to install the root certificate and intermediate certificates manually into the "chain_certs" directory. On this version, you do not need any longer to do such a manual installation of chained certs.



The OpenVPN configuration file generating function identifies the root certificate correctly, in order to embed it as the "<ca>" inline directive in the auto-generated OpenVPN configuration file. It is very helpful if you are using a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. (In previous versions, you had to perform the editing task for the OpenVPN configuration file manually.)

[mesa57]

For resolving the SSL polar error I downloaded the latest version of SE server (arm) and installed on a Raspberry PI.
I generated a configuration file for openvpn and exported it to my android phone and imported it into openvpn.
Now : the connection works fine. But suddenly if I try after a few days I get the infamious "Polar SSL error".
Any solution ?

[thisjun]

I think that this topic is helpful.
http://www.vpnusers.com/viewtopic.php?f=7&t=3140

[mesa57]

I do not understand this solution :

[quote]
The Problem Solved , for install correct cert , must renamed to 1. First , 2. Second
Thanks dnobori , i install this chain and server and openvpn correctly installed , now everything perfect , if one person can't install , must in .ovpn chain insert for work , if chain not insert not work , thanks for helping me
i hope helpful
[/quote]

If have no own external certificates, I just use the .ovpn file generated by the softether server/

[mesa57]

I discovered that openvpn (connect) establishes connection after restarting the Softether server by rebooting the raspberry-pi.
But next day it gives then Polar-SSL error, or in case of the Openvpn for Android a TLS error.
Maybe someone can look into this issue that the certificate does not work after 1 day (or more) ?