Netgate Discussion Forum

    [Solved] Unable to get local issuer certificate: CN=localhost

      G.D. Wusser Esq.

      Hi, I am starting to play with OpenVPN server running on pfSense, and I am stuck.

      Using the pfSense Certificate manager, I created the CA, Server Certificate, User Certificate, and revocation list. I created the OpenVPN server, and opened the appropriate UDP port.

      When a remote client tries to connect, here is what I see in the server logs:

      
      Jul 7 19:10:13 openvpn[70344]: <client ip>: <port>VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=localhost
      Jul 7 19:10:13 openvpn[70344]: <client ip>: <port>TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
      Jul 7 19:10:13 openvpn[70344]: <client ip>: <port>TLS Error: TLS object -> incoming plaintext read error
      Jul 7 19:10:13 openvpn[70344]: <client ip>: <port>TLS Error: TLS handshake failed
      

      Then the client times out after 60 seconds, and tries to connect again.

      Does the server log tell you anything? Why is it “CN=localhost”? That does not match any of the common names I configured.

      Thank you.

        divsys

        Where did you get the certificate for the remote client?

        -jfp

          G.D. Wusser Esq.

          @divsys:

          Where did you get the certificate for the remote client?

          I created all certificates in the pfSense Certificate Manager. And then I used the “OpenVPN Client Export Utility” to copy the configuration to the client (four files, ending with: ovpn, p12, ca.crt and tls.key).

          My OpenVPN server configuration is “Remote Access (SSL/TLS + User Auth)” with RADIUS backend. But it does not look like I am getting to the Authentication part, I am getting stuck before that.

            G.D. Wusser Esq.

            I got it working. The p12 file was password-protected and needed to be installed into the certificate store before the OpenVPN client could use it. Thank you.

              divsys

              Glad it worked out  :)

              -jfp

                G.D. Wusser Esq.

                I started to get this exact same error again all of a sudden. The server certificate is still in the client store. I do not understand what happened.

                I enabled pfSense SSH shell access not long ago. Could that have screwed with my certificates somehow?

                  G.D. Wusser Esq.

                  I re-exported and reinstalled the client bundle, and OpenVPN is working again.

                  What do you think happened?

                    SipriusPT

                    Just to let you know that I had this same error when I check Microsoft Certificate Storage. I have just tested it in Windows 10.

                    1xSG-4860-1U
                    1xSG-3100
                    2xpfSense Virtual Machines

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.