Greetings,
I am struggling with OpenVPN for Docker: https://github.com/kylemanna/docker-openvpn
(Version 2.4.4)
My setup is the following:
- Root CA
- Intermediate CA 1
- Intermediate CA 2
- Server certified by Intermediate CA 1
- Client certified by Intermediate CA 2
Client used: OpenVPN for Android (6)
Certificates configuration:
- Server:
    ca stacked.crt
    cert server.crt
    key server.key
- Client:
    ca stacked.crt
    cert client.crt
    key client.key
I am getting the typical error: verify error depth=0 error=unable to get local issuer certificate
Any idea? I followed the chains guide: https://community.openvpn.net/openvpn/w ... ate_Chains
Thanks!
Setup two intermediate CA certs
Re: Setup two intermediate CA certs
That is not how the example you followed is created ..
Then you go on to use a "stacked" CA not, as the example explains, a "chained" certificate.
Please follow the example properly and let us know if it works then.
Re: Setup two intermediate CA certs
Good morning,
I know that my PKI is different from the example (server cert is issued by an intermediate), that's why I tried with the stacked one. And modifying my PKI hierarchy is not an option.
I also tried the recommended configuration of the chains guide:
On the server:
    ca ca.crt
    cert server.crt
On the client:
    ca ca.crt
    cert chained.crt
But still with the "verify error depth=0 error=unable to get local issuer certificate"
Which configuration should I apply?
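
The depth=0 error quoted in this thread, reproduced with openssl verify on a constructed PKI of the same shape (root, two intermediates, server under the first, client under the second). This is an added example, not code from any poster or from the OpenVPN project; all file names, subject names and the temporary directory are assumptions.

```shell
#!/bin/sh
# Constructed PKI with the thread's shape: root -> int1 -> server, root -> int2 -> client.
# Every file name and subject below is an assumption made for this demonstration.
PKI=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$PKI/ca.ext"

# new_csr NAME: fresh RSA key and certificate request for CN=NAME
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}

# issue NAME ISSUER [EXTFILE]: sign NAME's request with ISSUER's key
issue() {
    new_csr "$1"
    openssl x509 -req -in "$PKI/$1.csr" -days 30 -CA "$PKI/$2.crt" -CAkey "$PKI/$2.key" \
        -CAcreateserial ${3:+-extfile "$3"} -out "$PKI/$1.crt" 2>/dev/null
}

build_pki() {
    new_csr root    # the root is self-signed, so it is signed with its own key
    openssl x509 -req -in "$PKI/root.csr" -days 30 -signkey "$PKI/root.key" \
        -extfile "$PKI/ca.ext" -out "$PKI/root.crt" 2>/dev/null
    issue int1 root "$PKI/ca.ext"
    issue int2 root "$PKI/ca.ext"
    issue server int1
    issue client int2
    # "stacked" trust file: root plus both intermediates, as in the first post
    cat "$PKI/root.crt" "$PKI/int1.crt" "$PKI/int2.crt" > "$PKI/stacked.crt"
}

# verify_leaf LEAF CAFILE [UNTRUSTED]: print OpenSSL's verdict on LEAF.
# CAFILE is what the verifier trusts; UNTRUSTED stands for extra certificates
# the peer presents next to its leaf (the "chained" file idea).
verify_leaf() {
    openssl verify -CAfile "$PKI/$2" ${3:+-untrusted "$PKI/$3"} "$PKI/$1" 2>&1
}

build_pki
echo "root only:";                 verify_leaf server.crt root.crt
echo "root + int1 from the peer:"; verify_leaf server.crt root.crt int1.crt
echo "stacked trust file:";        verify_leaf server.crt stacked.crt
echo "client via stacked:";        verify_leaf client.crt stacked.crt
```

Only the first call fails: with the root alone and no intermediate supplied, the verifier cannot find the issuer of the leaf, which is what "unable to get local issuer certificate" at depth 0 reports.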