Netgate Discussion Forum

    Open VPN handshake fail

      Jamerson

      Hi guys,
      I've created a new OpenVPN using authentication domain controller RADIUS, using this link:
      https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

      However, the connection is not working; I'm getting handshake failed. Please find the error below.

      The error I am getting is:

      Fri Nov 13 09:55:33 2015 UDPv4 link local (bound): [undef]
      Fri Nov 13 09:55:33 2015 UDPv4 link remote: [AF_INET]test.domain.com:1194
      Fri Nov 13 09:55:33 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=NL, ST=Noord Brabant, L=heaven, O=centos, emailAddress=info@domain.nl, CN=ca.centos.nl
      Fri Nov 13 09:55:33 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
      Fri Nov 13 09:55:33 2015 TLS Error: TLS object -> incoming plaintext read error
      Fri Nov 13 09:55:33 2015 TLS Error: TLS handshake failed
      Fri Nov 13 09:55:33 2015 SIGUSR1[soft,tls-error] received, process restarting
      Fri Nov 13 09:55:35 2015 UDPv4 link local (bound): [undef]
      Fri Nov 13 09:55:35 2015 UDPv4 link remote: [AF_INET]test.domain.com:1194
      Fri Nov 13 09:55:35 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=NL, ST=Noord Brabant, L=heaven, O=centos, emailAddress=info@domain.nl, CN=ca.centos.nl
      Fri Nov 13 09:55:35 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
      Fri Nov 13 09:55:35 2015 TLS Error: TLS object -> incoming plaintext read error
      Fri Nov 13 09:55:35 2015 TLS Error: TLS handshake failed
      Fri Nov 13 09:55:35 2015 SIGUSR1[soft,tls-error] received, process restarting
      Fri Nov 13 09:55:37 2015 UDPv4 link local (bound): [undef]
      Fri Nov 13 09:55:37 2015 UDPv4 link remote: [AF_INET]test.domain.com:1194

        thermo

        It says error=unsupported certificate purpose:
        How did you generate your certificates?

          Jamerson

          @thermo:

          It says error=unsupported certificate purpose:
          How did you generate your certificates?

          Thank you for your answer.
          I've generated the certificate exactly as shown here:

          https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

          The same way worked on 2.2.4, but I am on 2.2.5.
          Is this a bug in 2.2.5?

          I managed to fix it.

          Need to create a server certificate, not a user certificate.
          Thank you.

            Ami

            Hi Jamerson,

            I'm having the same issue. Could you please post the steps on how and where you created this certificate?

            Thank you,

              johnpoz LAYER 8 Global Moderator

              The wizard is pretty much IDIOT proof, yet seems like every other day we have someone trying to use a user cert for the server…

              wizardservercert.png

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11
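
The failure in the log at the top of the thread and the fix reported later (a server certificate instead of a user certificate), reproduced offline as an added example that is not part of the original thread. It assumes a user certificate carries extendedKeyUsage clientAuth and a server certificate carries serverAuth; the CA and host names are constructed, and the openssl CLI must be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Shows why a certificate issued as a
# "user" certificate is rejected when it is presented by the VPN server.
# Assumption: user cert = EKU clientAuth, server cert = EKU serverAuth.
# Example-CA and vpn.example.test are constructed names.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed CA, valid for one day.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example-CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# issue_cert NAME EKU: sign a leaf certificate whose extendedKeyUsage is EKU.
issue_cert() {
  name=$1; eku=$2
  printf '%s\n' "basicConstraints=CA:FALSE" \
    "keyUsage=digitalSignature,keyEncipherment" \
    "extendedKeyUsage=$eku" > "$WORK/$name.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$name.csr" -days 1 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/$name.ext" -out "$WORK/$name.crt" 2>/dev/null
}

# fits_purpose PURPOSE NAME: true only if the chain verifies and the leaf is
# acceptable for PURPOSE (sslserver or sslclient). This is the kind of OpenSSL
# purpose check behind the depth=0 VERIFY ERROR in the client log.
fits_purpose() {
  out=$(openssl verify -purpose "$1" -CAfile "$WORK/ca.crt" \
    "$WORK/$2.crt" 2>&1) || return 1
  # Guard for openssl builds that report an error but still exit 0.
  case $out in *"error "[0-9]*) return 1 ;; esac
}

make_ca
issue_cert user clientAuth
issue_cert server serverAuth

for cert in user server; do
  if fits_purpose sslserver "$cert"; then
    echo "$cert.crt: accepted as an OpenVPN server certificate"
  else
    echo "$cert.crt: rejected as a server certificate (wrong purpose)"
  fi
done
```

Running `openssl x509 -in <cert> -noout -purpose` against the certificate actually assigned to the OpenVPN server gives the same answer without needing the CA file.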

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.