OpenVPN core error X509 the CRT/CRL/CSR format is invalid

anadolu
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 04, 2017 3:32 pm

OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Postby anadolu » Fri Aug 04, 2017 3:59 pm

Hello

I have an Asus AC3200 router running tomato. I set up OpenVPN from a PC successfully using the certificates and the key files created by Easy RSA 3.0.1. But all the efforts to use OpenVPN from my iPhone are failing with the following error:

OpenVPN Error: Polar SSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected


My .ovpn file is below:

Code: Select all

client
dev tun
proto tcp
remote mydomain.com 1195
auth-user-pass
resolv-retry infinite
nobind
persist-tun
persist-key
persist-remote-ip
tls-client
cipher AES-256-CBC
auth SHA256
ns-cert-type server
key-direction 1
comp-lzo
verb 3

<ca>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6XljydtiZCoCAggA

ooM=
-----END ENCRYPTED PRIVATE KEY-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
MIIGmDCCBICgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADCBiDELMAkGA1UEBhMCVVMx

X6UMwQyYeD098rsa
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9

Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END PRIVATE KEY-----

</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
933b4e0a363e352e9071a4f37cde671f

2f8ccd174e4caa2da66cc5608350d6d5
-----END OpenVPN Static key V1-----
</tls-auth>


I emailed this file to the iPhone, then opened it by OpenVPN. As soon as i run it I get this error. Why? both ca.key and ta.keys work with my PC.

I appreciate your help. I will then set up my iPad accordingly. Thank you.

anadolu
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 04, 2017 3:32 pm

Re: OpenVPN core error X509 the CRT/CRL/CSR format is invalid

Postby anadolu » Fri Aug 04, 2017 8:27 pm

Hello,

Solved. The problem was

Code: Select all

-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9

Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END PRIVATE KEY-----


it should have been

Code: Select all

-----BEGIN CERTIFICATE-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9

Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END CERTIFICATE-----


Return to “OpenVPN Connect (iOS)”

Who is online

Users browsing this forum: No registered users and 3 guests