Setup two intermediate CA certs


Post by enric1994 » Tue Jul 03, 2018 10:40 am

Greetings,
I am struggling with OpenVPN for Docker: https://github.com/kylemanna/docker-openvpn
(Version 2.4.4)

My setup is the following:
- Root CA
- Intermediate CA 1
- Intermediate CA 2
- Server certified by Intermediate CA 1
- Client certified by Intermediate CA 2

Client used: OpenVPN for Android (6)

Certificates configuration:
-Server:
ca stacked.crt
cert server.crt
key server.key

-Client:
ca stacked.crt
cert client.crt
key client.key

I am getting the typical error: verify error depth=0 error=unable to get local issuer certificate


Any idea? I followed the chains guide: https://community.openvpn.net/openvpn/w ... ate_Chains

Thanks!


Re: Setup two intermediate CA certs

Post by TinCanTech » Tue Jul 03, 2018 2:35 pm

enric1994 wrote: Tue Jul 03, 2018 10:40 am
My setup is the following:
- Root CA
- Intermediate CA 1
- Intermediate CA 2
- Server certified by Intermediate CA 1
- Client certified by Intermediate CA 2

That is not how the example you followed is created.

Then you go on to use a "stacked" CA not, as the example explains, a "chained" certificate.

Please follow the example properly and let us know if it works then.


Re: Setup two intermediate CA certs

Post by enric1994 » Thu Jul 05, 2018 8:54 am

Good morning,
I know that my PKI is different from the example (the server cert is issued by an intermediate), that's why I tried with the stacked one. And modifying my PKI hierarchy is not an option.

I also tried the recommended configuration of the chains guide:
On the server:
ca ca.crt
cert server.crt
On the client:
ca ca.crt
cert chained.crt

But I still get the "verify error depth=0 error=unable to get local issuer certificate"

Which configuration should I apply?
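
Added example, not part of any post in this thread: a script that rebuilds the PKI layout described above as a throwaway test PKI and uses `openssl verify`, outside OpenVPN, to show which `ca` bundle contents produce the depth=0 "unable to get local issuer certificate" error. All file names and CNs are constructed, and the helper functions `issue` and `check` are hypothetical names.

```shell
#!/bin/sh
# Added example: throwaway PKI with the thread's layout. All names are constructed.
#   root -> int1 -> server        root -> int2 -> client
set -eu
cd "$(mktemp -d)"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# issue NAME ISSUER [EXTFILE]: new key + cert; ISSUER equal to NAME means self-signed.
issue() {
  name=$1 issuer=$2 ext=${3:-}
  openssl req -newkey rsa:2048 -nodes -keyout "$name.key" -out "$name.csr" \
    -subj "/CN=$name" 2>/dev/null
  if [ "$name" = "$issuer" ]; then signer="-signkey $name.key"
  else signer="-CA $issuer.crt -CAkey $issuer.key -CAcreateserial"; fi
  openssl x509 -req -in "$name.csr" $signer -days 30 \
    ${ext:+-extfile "$ext"} -out "$name.crt" 2>/dev/null
}

# check CAFILE LEAF [UNTRUSTED]: print OK, or the first verify error in the
# "depth=N error=..." form seen in the thread. UNTRUSTED stands in for
# intermediates that the peer would send along with its own certificate.
check() {
  if out=$(openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1); then
    echo OK
  else
    printf '%s\n' "$out" | sed -n \
      's/.*error [0-9]* at \([0-9]*\) depth lookup: *\(.*\)/depth=\1 error=\2/p' | head -n 1
  fi
}

issue root root ca.ext
issue int1 root ca.ext
issue int2 root ca.ext
issue server int1
issue client int2

cat root.crt int1.crt int2.crt > stacked.crt   # root plus both intermediates
cat root.crt int1.crt > partial.crt            # int2 left out
cat client.crt int2.crt > chained.crt          # leaf followed by its issuer

echo "stacked.crt, server:           $(check stacked.crt server.crt)"
echo "stacked.crt, client:           $(check stacked.crt client.crt)"
echo "partial.crt, client:           $(check partial.crt client.crt)"
echo "root only, server:             $(check root.crt server.crt)"
echo "root only, client + chained:   $(check root.crt client.crt chained.crt)"
```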
