PolarSSL: error parsing ca certificate : X509

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

PolarSSL: error parsing ca certificate : X509

Postby dendrees » Mon Apr 03, 2017 5:19 pm

I am getting this error message when I want to connect to my vpn server from my iPhone:
EVENT: CORE_error PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]

I followed this guide https://www.brainfart.sg/index.php/2012 ... pn-config/ and I have embedded the CA/CRT/ and key files in the .ovpn file. Unfortunately I am unable to pass this error

This is my config;
CleintConfig
client
dev tun
proto udp
remote DDNSname 443
comp-lzo
redirect-gateway
nobind
persist-key
persist-tun
user nobody
group nogroup
resolv-retry infinite
<ca>
-----BEGIN CERTIFICATE-----
-ca file **
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
client certificate ***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
client key ***
-----END PRIVATE KEY-----
</key>

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2113
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Postby TinCanTech » Mon Apr 03, 2017 6:46 pm

How did you create your PKI ?

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

Re: PolarSSL: error parsing ca certificate : X509

Postby dendrees » Tue Apr 04, 2017 6:59 am

I have used this tutorial: https://advancedhomeserver.com/dd-wrt-a ... pn-part-1/
So with the Openvpn software on Windows and easy-rsa

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2113
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Postby TinCanTech » Tue Apr 04, 2017 12:45 pm

dendrees wrote:from my iPhone:
EVENT: CORE_error PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]
I imagine you have created a server cert and then used that in your client. Try again ..

See:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

Re: PolarSSL: error parsing ca certificate : X509

Postby dendrees » Tue Apr 04, 2017 1:47 pm

| am very sure I have embedded to CA.crt / Client1.cert and Client.key in the openvpn file multiple times.
Can it be something else?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2113
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Postby TinCanTech » Tue Apr 04, 2017 2:35 pm

Re-reading this:
dendrees wrote:from my iPhone:
EVENT: CORE_error PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]
Perhaps you have not used the CA.crt ..

The quick solution is to just try all over again from scratch.

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

Re: PolarSSL: error parsing ca certificate : X509

Postby dendrees » Wed Apr 05, 2017 9:19 am

Did that already twice. On Windows I don't get any error related to the parsing of the CA certificate with the same CA I have used on my iPhone.
It attempts to make a connection to the "correct" external Ip and correct port. It's only stuck on this line:
Wed Apr 05 08:57:37 2017 us=704506 MANAGEMENT: >STATE:1491375457,WAIT,,,,,,
After that nothing happens. It cannot reach the vpn server I guess.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2113
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Postby TinCanTech » Wed Apr 05, 2017 12:38 pm

Please post your complete client config showing the inline certs in full so we can see what you have.

(Change some random numbers in the details so they are invalid certs, do not use BBCode oconf=
and I will ask a mod to see that your private details are not leaked)

Thanks


Return to “OpenVPN Connect (iOS)”

Who is online

Users browsing this forum: No registered users and 2 guests