OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Official client software for OpenVPN Access Server and OpenVPN Cloud.
anadolu
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 04, 2017 3:32 pm

OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Post by anadolu » Fri Aug 04, 2017 3:59 pm

Hello

I have an Asus AC3200 router running tomato. I set up OpenVPN from a PC successfully using the certificates and the key files created by Easy RSA 3.0.1. But all the efforts to use OpenVPN from my iPhone are failing with the following error:
OpenVPN Error: Polar SSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
My .ovpn file is below:

Code: Select all

client
dev tun
proto tcp
remote mydomain.com 1195
auth-user-pass
resolv-retry infinite
nobind
persist-tun
persist-key
persist-remote-ip
tls-client
cipher AES-256-CBC
auth SHA256
ns-cert-type server
key-direction 1
comp-lzo
verb 3

<ca>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6XljydtiZCoCAggA

ooM=
-----END ENCRYPTED PRIVATE KEY-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
MIIGmDCCBICgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADCBiDELMAkGA1UEBhMCVVMx

X6UMwQyYeD098rsa
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9

Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END PRIVATE KEY-----

</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
933b4e0a363e352e9071a4f37cde671f

2f8ccd174e4caa2da66cc5608350d6d5
-----END OpenVPN Static key V1-----
</tls-auth>
I emailed this file to the iPhone, then opened it with OpenVPN. As soon as I run it I get this error. Why? Both ca.key and ta.keys work with my PC.

I appreciate your help. I will then set up my iPad accordingly. Thank you.

anadolu
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 04, 2017 3:32 pm

Re: OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Post by anadolu » Fri Aug 04, 2017 8:27 pm

Hello,

Solved. The problem was

Code: Select all

-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9

Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END PRIVATE KEY-----
it should have been

Code: Select all

-----BEGIN CERTIFICATE-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9

Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END CERTIFICATE-----

glr1926
OpenVpn Newbie
Posts: 1
Joined: Tue Jul 23, 2019 9:48 am

Re: OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Post by glr1926 » Tue Jul 23, 2019 9:50 am

Can you help me? I have the same error message. Thank you.

Code: Select all

dev tun
tls-client

remote x.x.x.x 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)



# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option 8.8.8.8

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2


comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN PRIVATE KEY-----
[redacted]
-----END PRIVATE KEY-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
[redacted]
-----END PRIVATE KEY-----
</key>

<ca>
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
</ca>

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Post by TinCanTech » Tue Jul 23, 2019 12:24 pm

glr1926 wrote:
Tue Jul 23, 2019 9:50 am
Pouvez-vous m'aider , j'ai le même message d'erreur .Merci
Translation by google:
Can you help me, I have the same error message.
glr1926 wrote:
Tue Jul 23, 2019 9:50 am
<cert>
-----BEGIN PRIVATE KEY-----
[redacted]
-----END PRIVATE KEY-----
</cert>
A certificate is not a key.
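
Added example, not part of the thread and not OpenVPN's own code: a small check that reads the inline blocks of an .ovpn profile and reports any block whose PEM BEGIN label does not match what that block should hold, which is the mismatch visible in both posted profiles. The names `lint_ovpn` and `pem_block` are hypothetical, the set of labels accepted for `<key>` is an assumption covering common private-key encodings, and the two samples are constructed placeholders that only mirror the block layout of the posts.

```python
import re

# PEM labels each inline block of an .ovpn profile is expected to carry.
EXPECTED = {
    "ca": {"CERTIFICATE"},
    "cert": {"CERTIFICATE"},
    "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
            "ENCRYPTED PRIVATE KEY"},  # assumed set of common key labels
    "tls-auth": {"OpenVPN Static key V1"},
}
BLOCK_RE = re.compile(r"^<([a-z-]+)>[ \t\r]*\n(.*?)^</\1>", re.S | re.M)
PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----")


def lint_ovpn(text):
    """Return (tag, message) findings for the inline PEM blocks in text."""
    findings, seen = [], set()
    for tag, body in BLOCK_RE.findall(text):
        if tag not in EXPECTED:
            continue
        if tag in seen:
            findings.append((tag, "block appears more than once"))
        seen.add(tag)
        labels = PEM_RE.findall(body)
        if not labels:
            findings.append((tag, "no PEM BEGIN line found"))
        for label in labels:
            if label not in EXPECTED[tag]:
                findings.append((tag, f"holds '{label}', not "
                                      f"{' / '.join(sorted(EXPECTED[tag]))}"))
    return findings


def pem_block(tag, label):
    # Constructed placeholder body: no real key or certificate material.
    return (f"<{tag}>\n-----BEGIN {label}-----\n(placeholder)\n"
            f"-----END {label}-----\n</{tag}>\n")


# Constructed samples that mirror the block layout of the two posted profiles.
FIRST_POST = "client\ndev tun\n" + "".join(pem_block(t, lab) for t, lab in [
    ("ca", "ENCRYPTED PRIVATE KEY"), ("cert", "CERTIFICATE"),
    ("key", "PRIVATE KEY"), ("tls-auth", "OpenVPN Static key V1")])
SECOND_POST = "dev tun\ntls-client\n" + "".join(pem_block(t, lab) for t, lab in [
    ("ca", "CERTIFICATE"), ("cert", "PRIVATE KEY"),
    ("key", "PRIVATE KEY"), ("ca", "CERTIFICATE")])

if __name__ == "__main__":
    for name, sample in (("first", FIRST_POST), ("second", SECOND_POST)):
        for tag, msg in lint_ovpn(sample):
            print(f"{name} profile: <{tag}> {msg}")
```

A private-key label inside `<ca>` or `<cert>` also means key material sits where a public certificate belongs, so the profile should be checked before it is mailed or posted.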
