[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Problems with keys...


  • Subject: [Openvpn-users] Problems with keys...
  • From: "Francois Meehan" <fmml@xxxxxxxxxx>
  • Date: Thu, 27 Jan 2005 18:12:24 -0500 (EST)
  • Importance: Normal

Hi all,

I have installed the latest release (2 rc6) on my fedora server. I have an
XP client with same release.

I am doing test localy, all works ok with the sample keys.

I use XCA to generate my keys (works fine with apache), but the generated
keys or certificates are giving me problems:

Server:

Thu Jan 27 18:07:19 2005 us=854246 192.168.41.21:1807 Control Channel MTU
parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jan 27 18:07:19 2005 us=854299 192.168.41.21:1807 Data Channel MTU
parms [ L:1542 D:1450 EF:42 EB:23 ET:0 EL:0 AF:3/1 ]
Thu Jan 27 18:07:19 2005 us=854413 192.168.41.21:1807 Local Options
String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto
UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-server'
Thu Jan 27 18:07:19 2005 us=854461 192.168.41.21:1807 Expected Remote
Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto
UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-client'
Thu Jan 27 18:07:19 2005 us=854591 192.168.41.21:1807 Local Options hash
(VER=V4): '530fdded'
Thu Jan 27 18:07:19 2005 us=854659 192.168.41.21:1807 Expected Remote
Options hash (VER=V4): '41690919'
RThu Jan 27 18:07:19 2005 us=854872 192.168.41.21:1807 TLS: Initial packet
from 192.168.41.21:1807, sid=6612b578 fec20a7c
WRRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWThu Jan 27
18:07:23 2005 us=322875 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)


Client:

Thu Jan 27 17:33:40 2005 us=452846 BIO write tls_write_ciphertext 100 bytes
Thu Jan 27 17:33:40 2005 us=452859 Incoming Ciphertext -> TLS
Thu Jan 27 17:33:40 2005 us=453856 VERIFY ERROR: depth=0,
error=unsupported certificate purpose:
/CN=whoami7.cedval.org/C=CA/L=Notre-Dame-Ile-Perrot/ST=PQ/O=Cedval_Info_inc./OU=IT/emailAddress=francois@xxxxxxxxxx
Thu Jan 27 17:33:40 2005 us=480738 SSL alert (write): fatal: unsupported
certificate
Thu Jan 27 17:33:40 2005 us=480957 TLS_ERROR: BIO read tls_read_plaintext
error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
Thu Jan 27 17:33:40 2005 us=480975 TLS Error: TLS object -> incoming
plaintext read error
Thu Jan 27 17:33:40 2005 us=480986 TLS Error: TLS handshake failed

Any ideas?

Regards,

Francois


Random Thought:
---------------
A ship is always referred to as she because it costs so much to keep one in paint and powder. - Chester William Nimitz, 1885 - 1966

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users