Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: Drifting on July 26, 2016, 12:59:00 PM

Title: OpenVPN and PHPki
Post by: Drifting on July 26, 2016, 12:59:00 PM

Hi
Wonder if anyone can shed some light on a problem I am having.
I have installed as per the excellent contribs, the server bridge and phpki, in the past without issue on SME8.
However I have updated the server to SME9 and followed the same procedure to install OpenVPN and PHPki. All good thus far. Created a client with the PKCS bundle, and it works well.

I now try the server.pem, user.pem & user.key and all I get is :-

Tue Jul 26 11:29:54 2016 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Jul 26 11:29:54 2016 TLS_ERROR: BIO read tls_read_plaintext error
Tue Jul 26 11:29:54 2016 TLS Error: TLS object -> incoming plaintext read error
Tue Jul 26 11:29:54 2016 TLS Error: TLS handshake failed
Tue Jul 26 11:29:54 2016 SIGUSR1[soft,tls-error] received, process restarting

Which from my understanding mean the server cert is wrong? But why when the PKCS work?

Beginning to wonder if anything was restored from the previous version 8 when I upgraded.

Any help or suggestions welcome, this is all beyond my level really.

Regards Paul.

Title: Re: OpenVPN and PHPki
Post by: Daniel B. on July 26, 2016, 01:10:43 PM

You've used server.pem instead of the root CA

Title: Re: OpenVPN and PHPki
Post by: Drifting on July 26, 2016, 01:29:39 PM

Quote from: Daniel B. on July 26, 2016, 01:10:43 PM

You've used server.pem instead of the root CA

Thanks so much for replying, I must admit I thought I had done something wrong?

Trying hard not to sound like a complete idiot, I thought the server cert was as per the instructions, and I called mine the same openvpn-bridge, with the client being separate. Think I may be confused on where the right certificate is obtained. Sorry to be so dense. Would someone be so kind as to explain how to obtain, the right one? I have called the certs openvpn-bridge and client. I have gone into PHPki and select :-
Valid    16-Jul-12    21-Jul-12    openvpn-bridge    test    test   VPN, and then to download pem certificate. The same for the certificate and key for the client.

I have read as much as I can, but I have very poor eyesight and it takes me ages, so any help really welcome.

Paul.

Title: Re: OpenVPN and PHPki
Post by: Drifting on August 03, 2016, 05:50:26 PM

Well call me stupid, but no where did I see how to create the root.pem, thought it was an option to download? Anyway, just a simple cut and paste of the root certificate into txt document, rename it to whatever.pem and problem solved. Wish someone would have told me that, did not see it anywhere in the instructions. It assumed you could use the PKCS combined, in this particular instant I could not.

Hope it helps someone else just as dumb as me!

Paul.