[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] certificate failed verification after upgrade


  • Subject: [Openvpn-users] certificate failed verification after upgrade
  • From: Nik <openvpn@xxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 4 Jan 2005 18:18:20 +1100

This is for the information of others, and to alert people to this, in case no 
one knows. I have solved the problem - and must compliment everyone involved 
with openVPN.

I upgraded from 1.5.0 to OpenVPN 2.0_rc1. After the upgrade, the server failed 
to verify the client's certificate.

The issue is that the certificate had spaces in the organisation name. 
Previously, the spaces were converted to dots. So if I use the organisation 
name "My Cool Co" when making the certificate, I have to tell openvpn to 
validate (eg with tls-remote) "My.Cool.Co".

However, after the upgrade, openvpn is now looking for a string with 
underscores in place of the spaces. Hence, it told me "My.Cool.Co" did not 
match "My_Cool_Co". The fix was simply to change the tls-remote string in the 
server's config file.

I am not sure if this is caused by openSSL, or openvpn, or something else.

Before the upgrade, I had the following setup:

Server
RedHat 7.1
openssl 0.9.6-3
openvpn 1.5.0


Client
RedHat 9.0
openssl 0.9.7a-2
openvpn 1.5.0


After the upgrade, I have:

Server
RedHat 9.0
openssl 0.9.7a-2
openvpn 2.0 rc1


Client
RedHat 9.0
openssl 0.9.7a-2
openvpn 2.0 rc1


Cheers!
Nik


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users