Re: [Openvpn-users] Problem with TLS


  • Subject: Re: [Openvpn-users] Problem with TLS
  • From: John Locke <mail@xxxxxxxxxxxx>
  • Date: Tue, 03 Feb 2004 07:51:11 -0800

Do you have the -ca parameter set correctly in your server's OpenVPN
config file?

Cheers,
-- 
John Locke
Open Source solutions for small business problems
http://freelock.com

On Tue, 2004-02-03 at 01:04, Pattrick Hueper wrote:
> Hi,
> 
> I am trying to set up OpenVPN, and I have problems with TLS.
> 
> I tried to establish an OpenVPN using the provided certificates in the 
> sample-keys directory; that works, so I am sure that everything is set up OK.
> 
> With my own certificates, the client accepts the server's certificate:
> 
> Tue Feb  3 09:57:31 2004 125[1]: VERIFY OK: 
> depth=2, /C=DE/L=Tuebingen/O=None/OU=None/CN=Root.Patty.TestCA
> Tue Feb  3 09:57:31 2004 126[1]: VERIFY OK: 
> depth=1, /C=DE/L=Tuebingen/O=None/OU=None/CN=ServerCerts.Patty.TestCA
> Tue Feb  3 09:57:31 2004 127[1]: VERIFY OK: 
> depth=0, /C=DE/CN=patty-server.homeip.net/emailAddress=pattyh@xxxxxxx
> 
> But the server rejects the client's certificate, although it has the same CA 
> certificates PEM file:
> 
> Tue Feb  3 09:57:11 2004 124[1]: VERIFY ERROR: depth=1, error=invalid CA 
> certificate: /C=DE/L=Tuebingen/O=None/OU=None/CN=EmailCerts.Patty.TestCA
> 
> I used pyca to set up my CA and it works for Apache Server/Client 
> Authentication; the setup is the following:
> 
> RootCA (signs other CA certificates)
> 
> EmailCerts CA,  Server Certs CA  (sign CSRs)
> 
> The server uses a certificate signed by Server Certs CA, the client one signed 
> by EmailCerts CA.
> 
> Using openssl verify ... both certificates verify OK! 
> 
> I have tried to sign my client certificate with the Server Certs CA, but the 
> result is the same (invalid CA certificate: ...).
> 
> Any idea what might be the problem? Do I need to set some nsCertType 
> parameters for my client certificates???
> 
> Thanks for any help,
> 
> Patty
> 
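
Added example, not part of the original thread and not code from either poster or from OpenVPN: OpenSSL reports "invalid CA certificate" when a certificate acting as an issuer in the chain is not acceptable as a CA, so one check for the situation described above is to audit every certificate in the --ca bundle. The script assumes the openssl command-line tool is installed; the Demo* hierarchy and its CA:FALSE defect are constructed stand-ins, since the thread does not show which extensions the real CA certificates carry.

```shell
#!/bin/sh
# Added example: every name, key and certificate below is constructed test data.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# issue NAME BASIC_CONSTRAINTS [ISSUER]: create $work/NAME.key and $work/NAME.pem,
# self-signed when ISSUER is omitted.
issue() {
    name=$1; bc=$2; issuer=${3:-$1}
    openssl req -new -newkey rsa:2048 -nodes -keyout "$work/$name.key" \
        -subj "/CN=$name" -out "$work/$name.csr" 2>/dev/null
    printf 'basicConstraints=critical,%s\n' "$bc" > "$work/$name.ext"
    if [ "$issuer" = "$name" ]; then
        openssl x509 -req -in "$work/$name.csr" -signkey "$work/$name.key" \
            -days 1 -extfile "$work/$name.ext" -out "$work/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$work/$name.csr" -CA "$work/$issuer.pem" \
            -CAkey "$work/$issuer.key" -CAcreateserial -days 1 \
            -extfile "$work/$name.ext" -out "$work/$name.pem" 2>/dev/null
    fi
}

# audit_bundle FILE: one line per certificate in a PEM bundle, flagging any
# that basicConstraints does not mark as a CA.
audit_bundle() {
    awk -v d="$work" '/BEGIN CERTIFICATE/{n++} n{print > (d "/part" n ".pem")}' "$1"
    for part in "$work"/part*.pem; do
        subject=$(openssl x509 -in "$part" -noout -subject)
        if openssl x509 -in "$part" -noout -text | grep -q 'CA:TRUE'; then
            echo "CA      $subject"
        else
            echo "NOT-CA  $subject"
        fi
    done
}

# verify_client BUNDLE CERT: verify CERT as a TLS client cert; print the verdict.
verify_client() { openssl verify -purpose sslclient -CAfile "$1" "$2" 2>&1 || true; }

issue DemoRoot     CA:TRUE
issue DemoServerCA CA:TRUE  DemoRoot
issue DemoEmailCA  CA:FALSE DemoRoot      # constructed defect: issuer not marked as a CA
issue client-ok    CA:FALSE DemoServerCA
issue client-bad   CA:FALSE DemoEmailCA
cat "$work/DemoRoot.pem" "$work/DemoServerCA.pem" "$work/DemoEmailCA.pem" > "$work/ca-bundle.pem"

audit_bundle  "$work/ca-bundle.pem"
verify_client "$work/ca-bundle.pem" "$work/client-ok.pem"
verify_client "$work/ca-bundle.pem" "$work/client-bad.pem"
```

Against a real deployment, run audit_bundle on the PEM file the server's ca option points to, and inspect any certificate it flags with openssl x509 -noout -text.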




