Openvpn mesages log certificate expired and tls shake failed.

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
Flavio_Analista
OpenVpn Newbie
Posts: 2
Joined: Mon Feb 08, 2021 12:40 am

Openvpn mesages log certificate expired and tls shake failed.

Post by Flavio_Analista » Mon Feb 08, 2021 12:44 am

Guys,
I need help.
I have um openvpn server that show messages log "CRL HAS EXPIRED" AND "ERROR TLS HANDSHAKE FAILED".
Thank you.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn mesages log certificate expired and tls shake failed.

Post by TinCanTech » Mon Feb 08, 2021 1:09 am


Flavio_Analista
OpenVpn Newbie
Posts: 2
Joined: Mon Feb 08, 2021 12:40 am

Re: Openvpn mesages log certificate expired and tls shake failed.

Post by Flavio_Analista » Tue Feb 16, 2021 6:20 pm

Flavio_Analista wrote:
Mon Feb 08, 2021 12:44 am
Guys,
I need help.
I have um openvpn server that show messages log "CRL HAS EXPIRED" AND "ERROR TLS HANDSHAKE FAILED".
Thank you.
In server log:
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 TLS_ERROR: BIO read tls_read_plaintext error
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 TLS Error: TLS object -> incoming plaintext read error
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 TLS Error: TLS handshake failed

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn mesages log certificate expired and tls shake failed.

Post by TinCanTech » Tue Feb 16, 2021 6:23 pm

TinCanTech wrote:
Mon Feb 08, 2021 1:09 am
Written for you:
viewtopic.php?f=30&t=22603
:roll:

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Openvpn mesages log certificate expired and tls shake failed.

Post by openvpn_inc » Thu Feb 18, 2021 12:34 pm

Hello Flavio_Analista,

Are you using the OpenVPN Access Server program on the server side?

> SSL routines:ssl3_get_client_certificate:certificate verify failed

That error usually means your CA certificate and/or client certificate has expired. The solution there is to replace them.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

RDL
OpenVpn Newbie
Posts: 1
Joined: Thu Feb 25, 2021 8:00 am

Re: Openvpn mesages log certificate expired and tls shake failed.

Post by RDL » Thu Feb 25, 2021 8:07 am

Hello,

I am getting also same error in newly generated Certificates.the exact error is

2021-02-25 13:36:31.661606 VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
2021-02-25 13:36:31.661666 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-02-25 13:36:31.661678 TLS_ERROR: BIO read tls_read_plaintext error
2021-02-25 13:36:31.661686 TLS Error: TLS object -> incoming plaintext read error
2021-02-25 13:36:31.661694 TLS Error: TLS handshake failed
2021-02-25 13:36:31.661920 SIGUSR1[soft,tls-error] received, process restarting

Please help,stuck on the error since a week

Thanks

Post Reply