Opened 5 years ago

Closed 4 years ago

#1172 closed User question (notabug)

Certificate failed

Reported by: ojaswini Owned by: Eric Crist
Priority: critical Milestone:
Component: easy-rsa Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: certificate failed
Cc:

Description

I crated new server certificate and below is the screenshot where the validity can be seen.

However, when I generated new client certificates I am getting the handshake failed error. Attached is the log file.
Also, attached are the old certificate and new certificate details.
Please suggest.

Attachments (3)

openvpn1.log (16.1 KB) - added by ojaswini 5 years ago.
log file
old_crt.txt (4.1 KB) - added by ojaswini 5 years ago.
old certificate
new_crt.txt (4.3 KB) - added by ojaswini 5 years ago.
new certificate

Download all attachments as: .zip

Change History (5)

Changed 5 years ago by ojaswini

Attachment: openvpn1.log added

log file

Changed 5 years ago by ojaswini

Attachment: old_crt.txt added

old certificate

Changed 5 years ago by ojaswini

Attachment: new_crt.txt added

new certificate

comment:1 Changed 5 years ago by Selva Nair

The old certificate you posted is a server certificate, the new one is a client certificate

X509v3 Extended Key Usage:

TLS Web Client Authentication

If you are using that one on the server the client will reject it if --remote-cert-tls server is enabled on it, which is the recommended usage.

Generate a server certificate (one with TLS Web Server Authentication EKU) and use it on the server.

comment:2 Changed 4 years ago by tct

Resolution: notabug
Status: newclosed
Note: See TracTickets for help on using tickets.