Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hey guys,
I am trying to setup an OpenVPN server using CentOS 5. I ahve installed everything, configs are good, server starts fine. I have generated my certificates using the easy-rsa 2.0 included with OpenVPN. I have downloaded all the certificates to my machine and setup my client to connect. I am having that typical problem everyone seems to have where my client says certificate verify failed. However I can use openssl on the server to verify and it is ok. What am I doing wrong here?
2010-12-07 08:44:33 MANAGEMENT: CMD 'hold release'
2010-12-07 08:44:33 SUCCESS: hold release succeeded
2010-12-07 08:44:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2010-12-07 08:44:33 Re-using SSL/TLS context
2010-12-07 08:44:33 LZO compression initialized
2010-12-07 08:44:33 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2010-12-07 08:44:33 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2010-12-07 08:44:33 Local Options hash (VER=V4): '41690919'
2010-12-07 08:44:33 Expected Remote Options hash (VER=V4): '530fdded'
2010-12-07 08:44:33 Socket Buffers: R=[42080->65536] S=[9216->65536]
2010-12-07 08:44:33 UDPv4 link local: [undef]
2010-12-07 08:44:33 UDPv4 link remote: 208.113.68.6:1194
2010-12-07 08:44:33
2010-12-07 08:44:33
2010-12-07 08:44:33 sid=56d529ca 9fa214c4
2010-12-07 08:44:33 error=certificate is not yet valid: /C=US/ST=GA/L=Atlanta/O=StarPound_Technologies/OU=IT/CN=StarPound_Technologies_CA/emailAddress=**MAKSED EMAIL TO PREVENT BOTS FROM GETTING IT**
2010-12-07 08:44:33 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2010-12-07 08:44:33 TLS Error: TLS object -> incoming plaintext read error
2010-12-07 08:44:33 TLS Error: TLS handshake failed
2010-12-07 08:44:33 TCP/UDP: Closing socket
2010-12-07 08:44:33 process restarting
2010-12-07 08:44:33
I just dont get it, I have racked my brain and google until my eyes bleed and can not figure this one out. I am sure it is something simple that I am missing. Can anyone help?
I found my time was off on my server but I adjusted it (ntpdate and timezone adjustment). I set crontob to do a time sync every 30 minutes. Now times match and I am still getting verification failed.
I found my time was off on my server but I adjusted it (ntpdate and timezone adjustment). I set crontob to do a time sync every 30 minutes. Now times match and I am still getting verification failed.
But -- when you created the certificates -- was the time off? Were they created correctly? With the correct timezone and all? Is there a valid date/time range on them that is some time in the future?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
