Fails to read client file

Scripts to manage certificates or generate config files
jslozier
OpenVpn Newbie
Posts: 1
Joined: Sun May 28, 2017 3:19 pm

Fails to read client file

Postby jslozier » Sun May 28, 2017 3:22 pm

When recently trying to connect with openvpn I am getting the following:

[petros-pc petros]# openvpn
/home/petros/Documents/WRRonline/cert-vpn/client.conf
Thu May 25 19:06:29 2017 WARNING: file
'/home/petros/Documents/WRRonline/cert-vpn/jlozier-key.pem' is group or
others accessible
Thu May 25 19:06:29 2017 OpenVPN 2.4.2 x86_64-unknown-linux-gnu [SSL
(OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May
11 2017
Thu May 25 19:06:29 2017 library versions: OpenSSL 1.1.0e 16 Feb 2017,
LZO 2.10
Enter Auth Username: ************
Enter Auth Password: ************
Thu May 25 19:06:39 2017 WARNING: --ns-cert-type is DEPRECATED. Use
--remote-cert-tls instead.
Thu May 25 19:06:39 2017 OpenSSL: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
Thu May 25 19:06:39 2017 *Cannot load certificate file
/home/petros/Documents/******/cert-vpn/jlozier-cert.pem*
Thu May 25 19:06:39 2017 Exiting due to fatal error
[petros-pc petros]# cd Documents/*****/cert-vpn
[petros-pc cert-vpn]# ls
antenna.*****.com.ovpn client.conf
client-jlozier-cert.pem client-jlozier-key.pem.old
connection.vpn jlozier_files jlozier-key.pem
ca-cert.pem client.conf.old
client-jlozier-cert.pem.old1 client-jlozier.p12
jlozier-cert.pem jlozier.html
[petros-pc cert-vpn]# pwd
/home/petros/Documents/*****/cert-vpn

The path is correct and this just started about 2 weeks ago. Previously I
have had no problems with connecting. I have tried reentering the path
without success.

Manjaro (Arch) Linux fully patched, openvpn version 2.4.2 x86_64.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2715
Joined: Fri Jun 03, 2016 1:17 pm

Re: Fails to read client file

Postby TinCanTech » Sun May 28, 2017 4:28 pm

jslozier wrote:Thu May 25 19:06:39 2017 OpenSSL: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
Thu May 25 19:06:39 2017 *Cannot load certificate file
/home/petros/Documents/******/cert-vpn/jlozier-cert.pem*
I expect your PKI is using 1024 bit (or less) and so now openssl will refuse to use it ..

Upgrade your PKI to 2048 bit or more ..


Return to “Cert / Config management”

Who is online

Users browsing this forum: No registered users and 2 guests