Client install not working- errors
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Client install not working- errors
So I followed directions from Liquid Web to install OpenVPN on my server and laptop. The server host install seems OK but I am stuck trying to get the laptop client working. When I run # openvpn /etc/openvpn/client.conf this is the error message I get.
Thu Oct 15 20:16:50 2015 OpenVPN 2.3.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 4 2015
Thu Oct 15 20:16:50 2015 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Thu Oct 15 20:16:50 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Oct 15 20:16:50 2015 Cannot load certificate file /etc/openvpn/easy-rsa/keys/client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Thu Oct 15 20:16:50 2015 Exiting due to fatal error
Where do I go from here?
Running Linux CentOS 7 on both.
Thu Oct 15 20:16:50 2015 OpenVPN 2.3.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 4 2015
Thu Oct 15 20:16:50 2015 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Thu Oct 15 20:16:50 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Oct 15 20:16:50 2015 Cannot load certificate file /etc/openvpn/easy-rsa/keys/client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Thu Oct 15 20:16:50 2015 Exiting due to fatal error
Where do I go from here?
Running Linux CentOS 7 on both.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Client install not working- errors
This suggests there is something wrong with your client.crtdthommail wrote:Cannot load certificate file /etc/openvpn/easy-rsa/keys/client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Did you use easy-rsa to create your PKI ?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Re: Client install not working- errors
Yes, I used easy-rsa. Any assistance you can offer would be greatly appreciated.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Re: Client install not working- errors
Yes, I used easy-rsa.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Client install not working- errors
Look in that file for this sort of thing:dthommail wrote:Cannot load certificate file /etc/openvpn/easy-rsa/keys/client.crt <..> no start line:
Code: Select all
Certificate:
Data:
Version: <..>
Serial Number: <..>
Signature Algorithm: <..>
Issuer: <..>
Validity
Not Before: <..>
Not After : <..>
Subject: <..>
Subject Public Key Info:
Public Key Algorithm: <..>
Public-Key: (x bit)
pub:
<..>
ASN1 OID: <..>
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
<..>
X509v3 Authority Key Identifier:
keyid:<..>
DirName:<..>
serial: <..>
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm:
<..>
-----BEGIN CERTIFICATE-----
<..>
-----END CERTIFICATE-----
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Re: Client install not working- errors
It follows your example up to Public-Key. The next line is Modulus: and then a whole bunch of hex number separated by colons and then "client.crt" 96L, 5488C.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Client install not working- errors
Did you create the cert with a password or without ?Traffic wrote:Yes, I used easy-rsa.
< ./easyrsa build-key > or < ./easyrsa build-client-full > will, by default, encrypt with a password .. use the nopass option to over-ride.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Re: Client install not working- errors
I used:
cd /etc/openvpn/easy-rsa
./build-key client
where client is the name I use for the client machine since there is only one right now. I did not see an option for passwords at all.
cd /etc/openvpn/easy-rsa
./build-key client
where client is the name I use for the client machine since there is only one right now. I did not see an option for passwords at all.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Client install not working- errors
This means your client cert has been created with a password.dthommail wrote:I used:
cd /etc/openvpn/easy-rsa
./build-key client
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Re: Client install not working- errors
Should I delete the old cert and create a new one? What is the password for?
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Client install not working- errors
Can you remember the password ?dthommail wrote:Should I delete the old cert and create a new one?
To encrypt your cert/key allowing a questionable * layer of security ..dthommail wrote:What is the password for?
- questionable * : Because a lot of people then store the password in plain text ..
https://community.openvpn.net/openvpn/wiki/EasyRSA
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Oct 07, 2015 11:02 am
Re: Client install not working- errors
I don't remember the password or being prompted to make one.