Hi,

I am trying to set up OpenVPN, and I have problems with TLS. I tried to establish an OpenVPN using the provided certificates in the sample-keys directory; that works, so I am sure that everything is set up OK. With my own certificates, the client accepts the server's certificate:

Tue Feb 3 09:57:31 2004 125[1]: VERIFY OK: depth=2, /C=DE/L=Tuebingen/O=None/OU=None/CN=Root.Patty.TestCA
Tue Feb 3 09:57:31 2004 126[1]: VERIFY OK: depth=1, /C=DE/L=Tuebingen/O=None/OU=None/CN=ServerCerts.Patty.TestCA
Tue Feb 3 09:57:31 2004 127[1]: VERIFY OK: depth=0, /C=DE/CN=patty-server.homeip.net/emailAddress=pattyh@xxxxxxx

But the server rejects the client's certificate, although it has the same CA certificates PEM file:

Tue Feb 3 09:57:11 2004 124[1]: VERIFY ERROR: depth=1, error=invalid CA certificate: /C=DE/L=Tuebingen/O=None/OU=None/CN=EmailCerts.Patty.TestCA

I used pyca to set up my CA and it works for Apache Server/Client Authentication. The setup is the following:

RootCA (signs other CA certificates)
EmailCerts CA, Server Certs CA (sign CSRs)

The server uses a certificate signed by Server Certs CA, the client one signed by EmailCerts CA. Using openssl verify ... both certificates verify OK!

I have tried to sign my client certificate with the Server Certs CA, but the result is the same (invalid CA certificate: ...)

Any idea what might be the problem? Do I need to set some nsCertType parameters for my client certificates?

Thanks for any help,
Patty

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users