Results 1 to 5 of 5
  1. #1
    Untangler
    Join Date
    Nov 2009
    Posts
    32

    Default self signed certificate in certificate chain

    Log States :
    Code:
    Wed Jan 13 06:48:40 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
    Wed Jan 13 06:48:40 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Jan 13 06:48:40 2010 LZO compression initialized
    Wed Jan 13 06:48:40 2010 UDPv4 link local: [undef]
    Wed Jan 13 06:48:40 2010 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    Wed Jan 13 06:48:40 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /CN=ca.does.not.exists/C=US/ST=PA/L=Monroeville/O=smatech/OU=937664e3580d0c40/dnQualifier=certificateAuthority
    Wed Jan 13 06:48:40 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Wed Jan 13 06:48:40 2010 TLS Error: TLS object -> incoming plaintext read error
    Wed Jan 13 06:48:40 2010 TLS Error: TLS handshake failed
    Wed Jan 13 06:48:40 2010 SIGTERM[soft,tls-error] received, process exiting
    thoughts?

  2. #2
    Untangler
    Join Date
    Nov 2009
    Posts
    32

    Default

    Have removed the client from untangle, uninstalled openvpn, deleted the openvpn program folder, recreated client in untangle, reinstalled new client, and still get this error. Has anyone seen it before?
    http://www.teamlogicit.com/businesses/monroevillepa801/
    http://www.sma-technology.com

  3. #3
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,790

    Default

    When you went through the registration process, did you fill in the blanks or leave stuff blank? The error appears that you may have skipped some data entry.
    This space reserved for profound thought.....which does happen on occasion."

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,544

    Default

    Hi tsarles,

    Verify your CA.

    Open a CMD.
    CD to the Bin folder in Openvpn

    Now run:
    Code:
    openssl.exe verify -CAfile c:\..\..\client\ca.crt c:\..\..\client\client.crt
    Replace ..\.. with the path to your OpenVPN folder.

  5. #5
    Untangler
    Join Date
    Nov 2009
    Posts
    32

    Default

    The openssl verify gives me an "OK"

    This untangle install initally worked. I have several other clients that still work fine. I think this one is failing, because I created the client entry since I was screwing around, and went to Admin > Certificates > Generate a Certificate .

    When I generate a certificate here, is there a way to reverse this? Is there a path I can go to and delete the new cert?

    or... if you have a better idea, I'd go with that too
    http://www.teamlogicit.com/businesses/monroevillepa801/
    http://www.sma-technology.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2