PolarSSL: error parsing ca certificate : X509

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

PolarSSL: error parsing ca certificate : X509

Post by dendrees » Mon Apr 03, 2017 5:19 pm

I am getting this error message when I want to connect to my vpn server from my iPhone:
EVENT: CORE_error PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]

I followed this guide https://www.brainfart.sg/index.php/2012 ... pn-config/ and I have embedded the CA/CRT/ and key files in the .ovpn file. Unfortunately I am unable to pass this error

This is my config;
CleintConfig
client
dev tun
proto udp
remote DDNSname 443
comp-lzo
redirect-gateway
nobind
persist-key
persist-tun
user nobody
group nogroup
resolv-retry infinite
<ca>
-----BEGIN CERTIFICATE-----
-ca file **
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
client certificate ***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
client key ***
-----END PRIVATE KEY-----
</key>

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Post by TinCanTech » Mon Apr 03, 2017 6:46 pm

How did you create your PKI ?

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

Re: PolarSSL: error parsing ca certificate : X509

Post by dendrees » Tue Apr 04, 2017 6:59 am

I have used this tutorial: https://advancedhomeserver.com/dd-wrt-a ... pn-part-1/
So with the Openvpn software on Windows and easy-rsa

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Post by TinCanTech » Tue Apr 04, 2017 12:45 pm

dendrees wrote:from my iPhone:
EVENT: CORE_error PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]
I imagine you have created a server cert and then used that in your client. Try again ..

See:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

Re: PolarSSL: error parsing ca certificate : X509

Post by dendrees » Tue Apr 04, 2017 1:47 pm

| am very sure I have embedded to CA.crt / Client1.cert and Client.key in the openvpn file multiple times.
Can it be something else?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Post by TinCanTech » Tue Apr 04, 2017 2:35 pm

Re-reading this:
dendrees wrote:from my iPhone:
EVENT: CORE_error PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]
Perhaps you have not used the CA.crt ..

The quick solution is to just try all over again from scratch.

dendrees
OpenVpn Newbie
Posts: 8
Joined: Sat Apr 01, 2017 9:50 am

Re: PolarSSL: error parsing ca certificate : X509

Post by dendrees » Wed Apr 05, 2017 9:19 am

Did that already twice. On Windows I don't get any error related to the parsing of the CA certificate with the same CA I have used on my iPhone.
It attempts to make a connection to the "correct" external Ip and correct port. It's only stuck on this line:
Wed Apr 05 08:57:37 2017 us=704506 MANAGEMENT: >STATE:1491375457,WAIT,,,,,,
After that nothing happens. It cannot reach the vpn server I guess.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PolarSSL: error parsing ca certificate : X509

Post by TinCanTech » Wed Apr 05, 2017 12:38 pm

Please post your complete client config showing the inline certs in full so we can see what you have.

(Change some random numbers in the details so they are invalid certs, do not use BBCode oconf=
and I will ask a mod to see that your private details are not leaked)

Thanks

Post Reply