Opened 14 years ago

Closed 12 years ago

#33 closed Bug / Defect (invalid)

openvpn client cannot load certificate using "THUMB"

Reported by: wdehoog
Owned by:
Priority: major
Milestone:
Component: Certificates
Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

When using the OpenVPN client software to connect using a profile (imported a config file from a previous version), the connection fails and the log file shows:

Sun Aug 15 20:19:47 2010 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
Sun Aug 15 20:19:47 2010 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Sun Aug 15 20:19:47 2010 MANAGEMENT: Connected to management server at 127.0.0.1:64386
Sun Aug 15 20:19:47 2010 MANAGEMENT: CMD 'log on'
Sun Aug 15 20:19:47 2010 MANAGEMENT: CMD 'state on'
Sun Aug 15 20:19:47 2010 MANAGEMENT: CMD 'echo on'
Sun Aug 15 20:19:47 2010 MANAGEMENT: CMD 'bytecount 5'
Sun Aug 15 20:19:47 2010 MANAGEMENT: CMD 'hold off'
Sun Aug 15 20:19:47 2010 MANAGEMENT: CMD 'hold release'
Sun Aug 15 20:19:47 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Aug 15 20:19:47 2010 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Aug 15 20:19:48 2010 MANAGEMENT: Client disconnected
Sun Aug 15 20:19:48 2010 Cannot load certificate "THUMB: xxxx..." from Microsoft Certificate Store: error:C5065064:microsoft cryptoapi:CertFindCertificateInStore:Cannot find object or property.
Sun Aug 15 20:19:48 2010 Exiting

However, when started from the command line:

core\openvpn.exe etc\profile\smurver_p0770.ovpn

it is capable of loading the certificate and the connection is established.

Change History (2)

comment:1 Changed 13 years ago by JJK

This bug is related to OpenVPN Access Server and not the community product.

My bet is that the OpenVPN AS daemon is running as a system user, i.e. not as the user who is currently logged in. Accessing certificates from the crypto store is affected by this, that is, if the OpenVPN AS service accesses the crypto store it "sees" different certificates than the user who is currently logged in.

Try loading the certificate into the local system account and try again.
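
A way to check the store-visibility explanation given in comment:1, as an added example that is not part of the ticket or of OpenVPN: it reports whether a certificate with the given thumbprint is visible in the personal store of the account running the script and in the local machine store. The script and its parameter name are assumptions made for illustration; run it once as the logged-in user and once as the account the service runs under, then compare the output.

```powershell
# Added example (not from the ticket): show where a certificate with a given
# thumbprint is visible to the account that runs this script.
param(
    # Thumbprint as written after "THUMB:" in the profile's cryptoapicert line.
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint
)

# Profiles often write the thumbprint with spaces and in lower case; the Cert:
# provider exposes it as upper-case hex without separators.
$normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# The answer depends on who is asking: "CurrentUser" is the store of this
# account, which for a service is the service account, not the desktop user.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Running as: $identity"

foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $normalized }

    if ($cert) {
        # A certificate without its private key cannot authenticate the
        # client, so report that as well.
        [pscustomobject]@{
            Store         = $store
            Found         = $true
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
        }
    } else {
        [pscustomobject]@{
            Store         = $store
            Found         = $false
            Subject       = $null
            HasPrivateKey = $null
            NotAfter      = $null
        }
    }
}
```

If the certificate is found under `Cert:\CurrentUser\My` only when the script runs as the logged-in user, the service account cannot see it, which matches the `CertFindCertificateInStore` error in the log above.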

comment:2 Changed 12 years ago by Samuli Seppänen

Resolution: invalid
Status: new → closed