Open VPN TLS Handshake Error

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
ramin_malek
OpenVpn Newbie
Posts: 11
Joined: Fri Mar 29, 2013 9:53 pm

Open VPN TLS Handshake Error

Post by ramin_malek » Sun Jul 04, 2021 6:58 am

Hi Dear Friend I Config openvpn server Import CA and copy ca to config file
change openvpn version but still in client log is

Sun Jul 04 11:25:56 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sun Jul 04 11:25:56 2021 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jul 04 11:25:56 2021 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 04 11:25:56 2021 TLS Error: TLS handshake failed

I change Dh Size and port and protocol But problem still exists

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open VPN TLS Handshake Error

Post by TinCanTech » Sun Jul 04, 2021 8:44 pm

ramin_malek wrote:
Sun Jul 04, 2021 6:58 am
OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
You need to fix your server certificate.

viewtopic.php?f=30&t=22603

paquette
OpenVpn Newbie
Posts: 7
Joined: Sat Aug 31, 2013 1:48 pm

Re: Open VPN TLS Handshake Error

Post by paquette » Sun Sep 10, 2023 6:54 pm

After my old certificates expired a few days ago, I created new certificates (in large part due to some timely tips from TinCanTech) I cannot connect to my OpenVPN server from OpenVPN clients with them. I have checked and rechecked the certificates and my installation of them and I am sure everything is right. Nonetheless my OpenVPN clients are not completing TLS handshake with my server (the server log is not showing anything suspicious but client is failing to verify server certificate:
Sun Sep 10 13:33:58 2023 us=398688 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Sep 10 13:33:58 2023 us=398688 TLS_ERROR: BIO read tls_read_plaintext error
Sun Sep 10 13:33:58 2023 us=398688 TLS Error: TLS object -> incoming plaintext read error
Sun Sep 10 13:33:58 2023 us=398688 TLS Error: TLS handshake failed
Sun Sep 10 13:33:58 2023 us=399687 TCP/UDP: Closing socket
I spent some time looking through forum threads at your viewtopic.php?f=30&t=22603 reference but can't see anything about "fixing" a certificate when experiencing this problem. Could anyone provide a clearer reference on "fixing" certificate(s) newly created by the latest version of EasyRSA--or even ideas about why they might require "fixing?"

Thanks in advance

Post Reply