|
Size: 1201
Comment:
|
Size: 1611
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 10: | Line 10: |
| * {{{ VERIFY ERROR: depth=1, error=unhandled critical extension: CN= }}} * and {{{ OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed }}} * verify with {{{ $ openssl verify -CAfile ca.pem server.pem CN = test_ca_20180712_20h31 error 34 at 1 depth lookup: unhandled critical extension error server.pem: verification failed }}} |
OpenVpn Notes and example
- Linux VPN using ssl for encryption, with clients for Android and Windows.
Using more than one CA, stacked in same file https://community.openvpn.net/openvpn/wiki/Using_Certificate_Chains
- 2018 - Using PSK(pre-shared keys) only a point to point link can be established, for a server with multiple clients use CA and certs.
2018 Python script to gen selfsigned certs and client certs https://gist.github.com/diepes/a7c3a53ed94c587803e20e6576ea4525#file-openvpn_gen-py
idea is to create them, thow away ca key, deploy config. When adding re-gen or stack server CA
Errors
VERIFY ERROR: depth=1, error=unhandled critical extension: CN=
and OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
verify with
$ openssl verify -CAfile ca.pem server.pem CN = test_ca_20180712_20h31 error 34 at 1 depth lookup: unhandled critical extension error server.pem: verification failed
openvpn: VERIFY ERROR: depth=0, could not extract X509 subject string from certificate
- Caused by not adding a CN to the certificate when created.
openvpn[...]: TLS Error: Unroutable control packet received from [AF_INET] ... (si=3 op=P_CONTROL_V1)
Add client to config in addition to tls-client to allow client to accept ip from server
remove topology mode setting from client.'
...