Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: partsgaw on February 18, 2010, 09:57:35 AM
-
hi,
iv installed already the bridge interface and phpki and configured as well the certificates can u tell whats this error all about:
Enter Private Key Password:Thu Feb 18 16:50:24 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Feb 18 16:50:24 2010 Cannot load private key file priv/key.pem: error:0906A068:PEM routines:PEM_do_header:bad password read: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Thu Feb 18 16:50:24 2010 Error: private key password verification failed
Thu Feb 18 16:50:24 2010 Exiting
Thu Feb 18 16:50:25 2010 OpenVPN 2.1_rc15 i386-redhat-linux-gnu [SSL] [LZO1] [EPOLL] built on Oct 25 2009
Thu Feb 18 16:50:25 2010 MANAGEMENT: TCP Socket listening on 127.0.0.1:11194
Thu Feb 18 16:50:25 2010 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Thu Feb 18 16:50:25 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Feb 18 16:50:25 2010 Diffie-Hellman initialized with 1024 bit key
Enter Private Key Password:Thu Feb 18 16:50:25 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Feb 18 16:50:25 2010 Cannot load private key file priv/key.pem: error:0906A068:PEM routines:PEM_do_header:bad password read: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Thu Feb 18 16:50:25 2010 Error: private key password verification failed
Thu Feb 18 16:50:25 2010 Exiting
thanks
-
Hi.
The problem here is that you've created a certificate for the serve rprotected with a password:
Cannot load private key file priv/key.pem: error:0906A068:PEM routines:PEM_do_header:bad password read: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
As explained here: http://wiki.contribs.org/OpenVPN_Bridge#Create_a_certificate_for_the_server you need to create a passwordless certificate so the daemon can be started automatically.
Regards.
-
thanks a lot, i already created certificate with no password and configured the certificates, but theres a new error occur can u analyzed this error:
Fri Feb 19 13:54:07 2010 112.202.29.0:1569 TLS: Initial packet from 112.202.29.0:1569, sid=05c75465 40d69bbd
Fri Feb 19 13:54:10 2010 112.202.29.0:1569 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=PH/ST=Cebu/L=Lapu-lapu/O=souhatsu/OU=Certificate_Authority/CN=PHPki_Certificate_Authority/emailAddress=archie@biz.phisl.net
Fri Feb 19 13:54:10 2010 112.202.29.0:1569 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Fri Feb 19 13:54:10 2010 112.202.29.0:1569 TLS Error: TLS object -> incoming plaintext read error
Fri Feb 19 13:54:10 2010 112.202.29.0:1569 TLS Error: TLS handshake failed
Fri Feb 19 13:54:10 2010 112.202.29.0:1569 SIGUSR1[soft,tls-error] received, client-instance restarting
-
There are two errors here.
- Looks like you haven't set the CA and the server certificate correctlyVERIFY ERROR: depth=1, error=self signed certificate in certificate chain- The client hasn't sent its certificate when the server requested him. Have you configured a certificate on the client side ?
TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Please, read the documentation carefully
http://wiki.contribs.org/OpenVPN_Bridge#Configure_the_certificates
http://wiki.contribs.org/OpenVPN_Bridge#Create_a_certificate_for_the_server
http://wiki.contribs.org/OpenVPN_Bridge#Create_the_certificate_with_PHPki
Regards
-
thanks alot VIP-ire!!! it solved my problem!!! by reconfiguring my ca certificate in the server, ur really genius...
Long Live SME, mabuhay ka VIP-ire!!!
regards