Open VPN handshake fail
-
hi guys
I've created a new OpenVPN using authentication domain controller RADIUS, using this link
https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
however the connection is not working, getting handshake failed, please find the below error.
the error I am getting is:
Fri Nov 13 09:55:33 2015 UDPv4 link local (bound): [undef]
Fri Nov 13 09:55:33 2015 UDPv4 link remote: [AF_INET]test.domain.com:1194
Fri Nov 13 09:55:33 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=NL, ST=Noord Brabant, L=heaven, O=centos, emailAddress=info@domain.nl, CN=ca.centos.nl
Fri Nov 13 09:55:33 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Nov 13 09:55:33 2015 TLS Error: TLS object -> incoming plaintext read error
Fri Nov 13 09:55:33 2015 TLS Error: TLS handshake failed
Fri Nov 13 09:55:33 2015 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 13 09:55:35 2015 UDPv4 link local (bound): [undef]
Fri Nov 13 09:55:35 2015 UDPv4 link remote: [AF_INET]test.domain.com:1194
Fri Nov 13 09:55:35 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=NL, ST=Noord Brabant, L=heaven, O=centos, emailAddress=info@domain.nl, CN=ca.centos.nl
Fri Nov 13 09:55:35 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Nov 13 09:55:35 2015 TLS Error: TLS object -> incoming plaintext read error
Fri Nov 13 09:55:35 2015 TLS Error: TLS handshake failed
Fri Nov 13 09:55:35 2015 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 13 09:55:37 2015 UDPv4 link local (bound): [undef]
Fri Nov 13 09:55:37 2015 UDPv4 link remote: [AF_INET]test.domain.com:1194
-
It says error=unsupported certificate purpose:
How did you generate your certificates?
-
It says error=unsupported certificate purpose:
How did you generate your certificates?
thank you for your answer,
I've generated the certificate exactly as shown here https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
the same way worked on 2.2.4 but I am on 2.2.5
is this a bug on the 2.2.5?
I managed to fix it,
need to create server certificate. not user certificate.
thank you
-
Hi Jamerson,
I'm having same issue. Could you please post steps on how and where did you create this certificate at.
Thank you,
-
The wizard is pretty much IDIOT proof, yet seems like every other day we have someone trying to use a user cert for the server…
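The check that fails in the log above can be reproduced offline with the openssl command line. This is an added example, not code from any poster or from pfSense; the throwaway CA, the names vpn-user and vpn-server, and the assumption that the user certificate carries only the clientAuth extended key usage are all constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed test CA and certificates, all names hypothetical.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[usr]
extendedKeyUsage = clientAuth
[srv]
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
EOF

# Self-signed CA that signs both leaf certificates
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/pki.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# issue <name> <extension-section>: create a key and a CA-signed certificate
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -extfile "$WORK/pki.cnf" -extensions "$2" \
        -out "$WORK/$1.pem" 2>/dev/null
}

# usable_as_server <pem>: true only if the chain verifies for the TLS server purpose,
# the same purpose check a TLS client applies to the certificate the server presents
usable_as_server() {
    openssl verify -purpose sslserver -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

issue vpn-user usr
issue vpn-server srv
for c in vpn-user vpn-server; do
    if usable_as_server "$WORK/$c.pem"; then echo "$c: OK as server certificate"
    else echo "$c: rejected for server use"; fi
done
```

Running the same `openssl verify -purpose sslserver` command against an exported certificate before assigning it to the OpenVPN server shows whether clients will accept it.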