[ale] OpenVPN test

Chris Fowler cfowler at outpostsentinel.com
Wed Aug 25 20:19:41 EDT 2010


I'm testing OpenVPN and I'm having some issues with the client verifying
the certificate

Wed Aug 25 20:16:58 2010 TCP connection established with
[AF_INET]192.168.1.101:1194
Wed Aug 25 20:16:58 2010 TCPv4_CLIENT link local: [undef]
Wed Aug 25 20:16:58 2010 TCPv4_CLIENT link remote:
[AF_INET]192.168.1.101:1194
Wed Aug 25 20:16:59 2010 VERIFY ERROR: could not extract Common Name
from X509 subject string ('') -- note that the Common Name length is
limited to 64 characters
Wed Aug 25 20:16:59 2010 TLS_ERROR: BIO read tls_read_plaintext error:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
Wed Aug 25 20:16:59 2010 TLS Error: TLS object -> incoming plaintext
read error
Wed Aug 25 20:16:59 2010 TLS Error: TLS handshake failed
Wed Aug 25 20:16:59 2010 Fatal TLS error (check_tls_errors_co),
restarting


Here is the certificate text:
Data:
        Version: 1 (0x0)
        Serial Number: 1048578 (0x100002)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Georgia, L=Alpharetta, O=OutPost Sentinel LLC,
OU=Support, CN=vts.opsdc.com/emailAddress=support at opsdc.com
        Validity
            Not Before: Aug 26 00:05:42 2010 GMT
            Not After : Aug 23 00:05:42 2020 GMT
        Subject: 
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)

Apparently the CN info is not put into the Subject on the certificate.
I'm generating these using the easyrsa/1.0 scripts in the openvpn source
directory.

Any ideas?






More information about the Ale mailing list