Connection Error X509 "Certificate Verification Failed"

Post Reply
bobdog
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 15, 2019 1:51 am

Connection Error X509 "Certificate Verification Failed"

Post by bobdog » Mon Jul 15, 2019 6:58 am

Hi guys,
I used a .ovpn file in a new iphone with IOS 12.3.1 and OpenVpn 3.0.2(894), but it could not connect to the server. This .ovpn file was used in another iphone with IOS 9.x.x and OpenVPN 1.0.5 build 177, it worked very well.

Error shown below:

"There was an error attempting to connect to the seleceted server.
Error message: mbed TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"

Log shown below:
"……
2019-07-12 10:01:30 VERIFY FAIL -- The certificate is signed with an unacceptable hash. : depth=0
cert. version : 3
serial number : 01
issuer name :
subject name :
issued on : 2017-09-02 09:59:04
expires on : 2027-08-31 09:59:04
signed using : RSA with MD5
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
"
Thanks for your help!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connection Error X509 "Certificate Verification Failed"

Post by TinCanTech » Mon Jul 15, 2019 11:37 am

bobdog wrote:
Mon Jul 15, 2019 6:58 am
"There was an error attempting to connect to the seleceted server.
Error message: mbed TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"

Log shown below:
"……
2019-07-12 10:01:30 VERIFY FAIL -- The certificate is signed with an unacceptable hash. : depth=0
Looks like you need a new certificate.

bobdog
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 15, 2019 1:51 am

Re: Connection Error X509 "Certificate Verification Failed"

Post by bobdog » Tue Jul 16, 2019 2:30 am

TinCanTech wrote:
Mon Jul 15, 2019 11:37 am
bobdog wrote:
Mon Jul 15, 2019 6:58 am
"There was an error attempting to connect to the seleceted server.
Error message: mbed TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"

Log shown below:
"……
2019-07-12 10:01:30 VERIFY FAIL -- The certificate is signed with an unacceptable hash. : depth=0
Looks like you need a new certificate.
The .ovpn file does not work under the latest IOS and openVPN version. I wonder why it could be used in IOS 9.x.x and OpenVPN 1.0.5 build 177?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connection Error X509 "Certificate Verification Failed"

Post by TinCanTech » Tue Jul 16, 2019 12:59 pm

I expect your certificate is signed with either MD5 or SHA1 hash both of which have been considered to be insecure for quite some time. Now that you have upgraded your IOS client the new client will not use certificates signed with these old hash algorithms.

Post Reply