Hi JJK at 08.04.2014 15:09, Jan Just Keijser wrote: ... >> >> Anyone found a _real_ reason for this error? >> > openvpn (and openssl) will trust a self-signed certificate if it is used > as a trusted CA cert; this is what the "ca ...." option is used for. > Which machine is reporting the error? the client or the server? is the > right CA cert installed on that machine? do you use intermediate CAs (in > which case you need to use certificate chains) ?
I am using a PKCS#12 file generated directly with XCA (which is using openssl below the hood anyway). I imported the servers PKCS#12 file for comparison and the CA certificate matches. I then created a newly signed client key from the one imported in XCA > > You can also mail me the entire public certificate chain and I can check > if there's something wrong with it. Sure > > Finally, the version of openvpn and esp openssl used DOES matter - so > can you post which versions of openvpn and openssl you are using (and > we'll both ignore the replies from people saying that openvpn 2.0.9 is > no longer supported bla blah ;)) :-) Server is something of 2.0.x need to check deeper Client is more recent... where is the version in a M$ client cheers Erich ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
