Fails to read client file

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
jslozier
OpenVpn Newbie
Posts: 1
Joined: Sun May 28, 2017 3:19 pm

Fails to read client file

Post by jslozier » Sun May 28, 2017 3:22 pm

When recently trying to connect with openvpn I am getting the following:

[petros-pc petros]# openvpn
/home/petros/Documents/WRRonline/cert-vpn/client.conf
Thu May 25 19:06:29 2017 WARNING: file
'/home/petros/Documents/WRRonline/cert-vpn/jlozier-key.pem' is group or
others accessible
Thu May 25 19:06:29 2017 OpenVPN 2.4.2 x86_64-unknown-linux-gnu [SSL
(OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May
11 2017
Thu May 25 19:06:29 2017 library versions: OpenSSL 1.1.0e 16 Feb 2017,
LZO 2.10
Enter Auth Username: ************
Enter Auth Password: ************
Thu May 25 19:06:39 2017 WARNING: --ns-cert-type is DEPRECATED. Use
--remote-cert-tls instead.
Thu May 25 19:06:39 2017 OpenSSL: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
Thu May 25 19:06:39 2017 *Cannot load certificate file
/home/petros/Documents/******/cert-vpn/jlozier-cert.pem*
Thu May 25 19:06:39 2017 Exiting due to fatal error
[petros-pc petros]# cd Documents/*****/cert-vpn
[petros-pc cert-vpn]# ls
antenna.*****.com.ovpn client.conf
client-jlozier-cert.pem client-jlozier-key.pem.old
connection.vpn jlozier_files jlozier-key.pem
ca-cert.pem client.conf.old
client-jlozier-cert.pem.old1 client-jlozier.p12
jlozier-cert.pem jlozier.html
[petros-pc cert-vpn]# pwd
/home/petros/Documents/*****/cert-vpn

The path is correct and this just started about 2 weeks ago. Previously I
have had no problems with connecting. I have tried reentering the path
without success.

Manjaro (Arch) Linux fully patched, openvpn version 2.4.2 x86_64.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Fails to read client file

Post by TinCanTech » Sun May 28, 2017 4:28 pm

jslozier wrote:Thu May 25 19:06:39 2017 OpenSSL: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
Thu May 25 19:06:39 2017 *Cannot load certificate file
/home/petros/Documents/******/cert-vpn/jlozier-cert.pem*
I expect your PKI is using 1024 bit (or less) and so now openssl will refuse to use it ..

Upgrade your PKI to 2048 bit or more ..

Post Reply