Can't Export OpenVPN Client



  • Hello,
    I have my Comodo SSL certificate and added the CA and CRT in the cert manager. Then I used it in the OpenVPN configuration.
    When I try to export the client I get an error, as in the 11th screenshot. Is there any solution to this problem?

  • Banned

    You apparently are missing a bunch of intermediate certificates, plus… you should search this forum before trying to deploy certificates issued by a public CA on a VPN.


  • LAYER 8 Global Moderator

    My guess would be the actual cert is referencing it differently.. You put in bogus info for that CA and called it what you wanted to call it.. That is not actually what the cert references, would be my guess.

    What exactly does this buy you, may I ask?  I see no point in using anything other than self signed for this sort of thing..  If anything you're actually lowering your overall security.  Because your VPN server is using a cert that is signed by a public CA.  In theory someone else could get a cert signed by this CA and use that to have your client think they are talking to your VPN.. Yeah it's a bit tinfoil hatty and all.. But other than spending money or time you didn't really have to spend to get some other CA to create your cert and sign it..  I really don't see the point to this.. You're having to give your clients the info and certs to connect to your VPN.  So why not just give them your self signed CA at the same time?



  • @johnpoz:

    My guess would be the actual cert is referencing it differently.. You put in bogus info for that CA and called it what you wanted to call it.. That is not actually what the cert references, would be my guess.

    What exactly does this buy you, may I ask?  I see no point in using anything other than self signed for this sort of thing..  If anything you're actually lowering your overall security.  Because your VPN server is using a cert that is signed by a public CA.  In theory someone else could get a cert signed by this CA and use that to have your client think they are talking to your VPN.. Yeah it's a bit tinfoil hatty and all.. But other than spending money or time you didn't really have to spend to get some other CA to create your cert and sign it..  I really don't see the point to this.. You're having to give your clients the info and certs to connect to your VPN.  So why not just give them your self signed CA at the same time?

    I'm experiencing problems with connecting from macOS. I suppose that the Mac blocks the cert signed by pfSense, cuz the Mac considers it untrusted. And now I'm trying to test it with a Comodo cert that was previously trusted.


  • Rebel Alliance Developer Netgate

    Publicly signed certs have no business being on OpenVPN and no client would have problems because of that. You're making things much more difficult for no benefit.
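
Added example, not part of any post in this thread: a shell sketch using a constructed throwaway PKI (made-up names `root`, `intermediate`, `vpn-server`, `other-customer`) that shows the two points raised in the replies above. A leaf certificate does not verify when the intermediate is missing from the chain, and any other leaf issued by the same CA verifies just as well as yours. It assumes the `openssl` command-line tool (1.1 or later) is installed.

```shell
#!/bin/sh
# Constructed throwaway PKI (all names are made up): root -> intermediate -> two leaves.
DEMO_DIR=$(mktemp -d)

# issue NAME ISSUER EXTFILE: new key + CSR for NAME, signed with ISSUER's key.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$DEMO_DIR/$1.csr" -days 2 -CAcreateserial \
    -CA "$DEMO_DIR/$2.crt" -CAkey "$DEMO_DIR/$2.key" \
    -extfile "$DEMO_DIR/$3" -out "$DEMO_DIR/$1.crt" 2>/dev/null
}

build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$DEMO_DIR/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$DEMO_DIR/leaf.ext"
  # Self-signed root standing in for the public CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=root" \
    -keyout "$DEMO_DIR/root.key" -out "$DEMO_DIR/root.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$DEMO_DIR/root.csr" -signkey "$DEMO_DIR/root.key" -days 2 \
    -extfile "$DEMO_DIR/ca.ext" -out "$DEMO_DIR/root.crt" 2>/dev/null || return 1
  issue intermediate root ca.ext &&
    issue vpn-server intermediate leaf.ext &&
    issue other-customer intermediate leaf.ext
}

# chain_ok LEAF [INTERMEDIATE]: true only if LEAF verifies up to the demo root.
chain_ok() {
  leaf=$1
  if [ -n "${2:-}" ]; then set -- -untrusted "$DEMO_DIR/$2.crt"; else set --; fi
  openssl verify -CAfile "$DEMO_DIR/root.crt" "$@" "$DEMO_DIR/$leaf.crt" 2>/dev/null |
    grep -q ': OK$'
}

build_pki || { echo "openssl failed to build the demo PKI" >&2; exit 1; }
for args in "vpn-server" "vpn-server intermediate" "other-customer intermediate"; do
  # Word splitting of $args into LEAF and INTERMEDIATE is intended here.
  if chain_ok $args; then echo "verify [$args]: OK"; else echo "verify [$args]: FAILED"; fi
done
```

The first case fails because the chain stops at the leaf; the third succeeds because chain validation alone only proves that the shared CA issued the certificate, not that it is your server's.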

