worm5252
12-07-2010 07:50 AM
OpenVPN certificates failing error
Hey guys,
I am trying to set up an OpenVPN server using CentOS 5. I have installed everything, configs are good, server starts fine. I have generated my certificates using the easy-rsa 2.0 included with OpenVPN. I have downloaded all the certificates to my machine and set up my client to connect. I am having that typical problem everyone seems to have where my client says certificate verify failed. However, I can use openssl on the server to verify and it is OK. What am I doing wrong here?
Code:
[root@GSFOVPNxxx01 openvpn]# openssl verify -CAfile ca.crt gg-jbloomer.crt
gg-jbloomer.crt: OK
[root@GSFOVPNxxx01 openvpn]#
client output
Code:
2010-12-07 08:44:33 MANAGEMENT: CMD 'hold release'
2010-12-07 08:44:33 SUCCESS: hold release succeeded
2010-12-07 08:44:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2010-12-07 08:44:33 Re-using SSL/TLS context
2010-12-07 08:44:33 LZO compression initialized
2010-12-07 08:44:33 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2010-12-07 08:44:33 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2010-12-07 08:44:33 Local Options hash (VER=V4): '41690919'
2010-12-07 08:44:33 Expected Remote Options hash (VER=V4): '530fdded'
2010-12-07 08:44:33 Socket Buffers: R=[42080->65536] S=[9216->65536]
2010-12-07 08:44:33 UDPv4 link local: [undef]
2010-12-07 08:44:33 UDPv4 link remote: 208.113.68.6:1194
2010-12-07 08:44:33
2010-12-07 08:44:33
2010-12-07 08:44:33 sid=56d529ca 9fa214c4
2010-12-07 08:44:33 error=certificate is not yet valid: /C=US/ST=GA/L=Atlanta/O=StarPound_Technologies/OU=IT/CN=StarPound_Technologies_CA/emailAddress=**MAKSED EMAIL TO PREVENT BOTS FROM GETTING IT**
2010-12-07 08:44:33 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2010-12-07 08:44:33 TLS Error: TLS object -> incoming plaintext read error
2010-12-07 08:44:33 TLS Error: TLS handshake failed
2010-12-07 08:44:33 TCP/UDP: Closing socket
2010-12-07 08:44:33 process restarting
2010-12-07 08:44:33
I just don't get it. I have racked my brain and Google until my eyes bleed and cannot figure this one out. I am sure it is something simple that I am missing. Can anyone help?
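The client log above reports `certificate is not yet valid` for the CA, an X.509 verify error raised when the verifying machine's clock is earlier than the certificate's notBefore, so the same certificate can verify on one host and fail on another. The following is an added example, not part of the original post: it extracts that error from an OpenVPN client log and evaluates a certificate's validity window (as printed by `openssl x509 -noout -dates`) against two different clocks. The log lines, dates, clocks and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Reason and subject DN on an OpenVPN certificate-verify failure line.
VERIFY_RE = re.compile(r"error=(?P<reason>[^:]+): (?P<subject>/\S+)")

def find_verify_errors(log_lines):
    """Return (reason, subject) for each verify failure found in the log."""
    return [(m["reason"], m["subject"])
            for m in map(VERIFY_RE.search, log_lines) if m]

def parse_openssl_date(value):
    """Parse a date as printed by `openssl x509 -noout -dates` (always GMT)."""
    dt = datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y GMT")
    return dt.replace(tzinfo=timezone.utc)

def check_window(dates_output, clock_utc):
    """Classify a certificate's validity window as seen by a given clock."""
    fields = dict(line.split("=", 1)
                  for line in dates_output.splitlines() if "=" in line)
    not_before = parse_openssl_date(fields["notBefore"])
    not_after = parse_openssl_date(fields["notAfter"])
    if clock_utc < not_before:
        return "not yet valid", int((not_before - clock_utc).total_seconds())
    if clock_utc > not_after:
        return "expired", int((clock_utc - not_after).total_seconds())
    return "valid", 0

# Constructed sample data (same line format as the post, not its actual values).
SAMPLE_LOG = [
    "2010-12-07 08:44:33 UDPv4 link remote: 192.0.2.10:1194",
    "2010-12-07 08:44:33 error=certificate is not yet valid: /C=US/O=Example/CN=Example_CA",
    "2010-12-07 08:44:33 TLS Error: TLS handshake failed",
]
SAMPLE_DATES = "notBefore=Dec  7 13:40:12 2010 GMT\nnotAfter=Dec  4 13:40:12 2020 GMT"
SERVER_CLOCK = datetime(2010, 12, 7, 13, 50, 0, tzinfo=timezone.utc)   # after notBefore
CLIENT_CLOCK = datetime(2010, 12, 7, 12, 44, 33, tzinfo=timezone.utc)  # running behind

if __name__ == "__main__":
    for reason, subject in find_verify_errors(SAMPLE_LOG):
        print(f"{subject}: {reason}")
    for name, clock in (("server", SERVER_CLOCK), ("client", CLIENT_CLOCK)):
        status, seconds = check_window(SAMPLE_DATES, clock)
        print(f"{name}: {status} ({seconds}s outside window)")
```

Both clocks must be compared in UTC; a client log timestamp in local time does not by itself show the skew.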