[ale] OpenVPN test

David Tomaschik david at tuxteam.com
Wed Aug 25 20:59:29 EDT 2010 

That looks odd.  I've always used the easyrsa 2.0 script batch for
OpenVPN -- not sure if there's much different in the two.  Was the CN
and other fields filled in in creating the cert?

David


On 08/25/2010 08:19 PM, Chris Fowler wrote:
> I'm testing OpenVPN and I'm having some issues with the client verifying
> the certificate
>
> Wed Aug 25 20:16:58 2010 TCP connection established with
> [AF_INET]192.168.1.101:1194
> Wed Aug 25 20:16:58 2010 TCPv4_CLIENT link local: [undef]
> Wed Aug 25 20:16:58 2010 TCPv4_CLIENT link remote:
> [AF_INET]192.168.1.101:1194
> Wed Aug 25 20:16:59 2010 VERIFY ERROR: could not extract Common Name
> from X509 subject string ('') -- note that the Common Name length is
> limited to 64 characters
> Wed Aug 25 20:16:59 2010 TLS_ERROR: BIO read tls_read_plaintext error:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
> Wed Aug 25 20:16:59 2010 TLS Error: TLS object -> incoming plaintext
> read error
> Wed Aug 25 20:16:59 2010 TLS Error: TLS handshake failed
> Wed Aug 25 20:16:59 2010 Fatal TLS error (check_tls_errors_co),
> restarting
>
>
> Here is the certificate text:
> Data:
>         Version: 1 (0x0)
>         Serial Number: 1048578 (0x100002)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=US, ST=Georgia, L=Alpharetta, O=OutPost Sentinel LLC,
> OU=Support, CN=vts.opsdc.com/emailAddress=support at opsdc.com
>         Validity
>             Not Before: Aug 26 00:05:42 2010 GMT
>             Not After : Aug 23 00:05:42 2020 GMT
>         Subject: 
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>
> Apparently the CN info is not put into the Subject on the certificate.
> I'm generating these using the easyrsa/1.0 scripts in the openvpn source
> directory.
>
> Any ideas?
>
>
>   

-- 
David Tomaschik, RHCE
Ubuntu Community Member
Moderator, LinuxQuestions.org
GPG: 0x6D428695


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20100825/1d78ef2d/attachment.bin

More information about the Ale mailing list