Cannot load certificate THUMB from Microsoft Certificate Store
Posted: Fri Dec 29, 2017 4:51 pm
I could use some assistance. I am setting up a Synology NAS as the VPN server.
I stored the cert with the thumbprint under Computer Account > Personal > Certifactes
I am following the user pwatk directions for the setup https://forum.synology.com/enu/viewtopic.php?t=100066
The server log says
Fri Dec 29 10:40:45 2017 Warning: cryptapicert used, setting maximum TLS version to 1.1.
Fri Dec 29 10:40:45 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Fri Dec 29 10:40:45 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Dec 29 10:40:45 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Fri Dec 29 10:40:50 2017 OpenSSL: error:C5065064:microsoft cryptoapi:CertFindCertificateInStore:Cannot find object or property.
Fri Dec 29 10:40:50 2017 Cannot load certificate "THUMB:MY THUMB PRINT" from Microsoft Certificate Store
Fri Dec 29 10:40:50 2017 Exiting due to fatal error
client
dev tun
proto udp
remote $MyPublicIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
#ns-cert-type is DEPRECATED
#ns-cert-type server
remote-cert-tls server
comp-lzo
cipher AES-128-CBC
auth SHA256
auth-user-pass
key-direction 1
cryptoapicert "THUMB:MY THUMB"
<ca>
</ca>
<tls-auth>
<ca>
<ca>
-----BEGIN CERTIFICATE-----
$LONG CERT
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
$LONG KEY
-----END OpenVPN Static key V1-----
</tls-auth>
I stored the cert with the thumbprint under Computer Account > Personal > Certifactes
I am following the user pwatk directions for the setup https://forum.synology.com/enu/viewtopic.php?t=100066
The server log says
Fri Dec 29 10:40:45 2017 Warning: cryptapicert used, setting maximum TLS version to 1.1.
Fri Dec 29 10:40:45 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Fri Dec 29 10:40:45 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Dec 29 10:40:45 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Fri Dec 29 10:40:50 2017 OpenSSL: error:C5065064:microsoft cryptoapi:CertFindCertificateInStore:Cannot find object or property.
Fri Dec 29 10:40:50 2017 Cannot load certificate "THUMB:MY THUMB PRINT" from Microsoft Certificate Store
Fri Dec 29 10:40:50 2017 Exiting due to fatal error
client
dev tun
proto udp
remote $MyPublicIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
#ns-cert-type is DEPRECATED
#ns-cert-type server
remote-cert-tls server
comp-lzo
cipher AES-128-CBC
auth SHA256
auth-user-pass
key-direction 1
cryptoapicert "THUMB:MY THUMB"
<ca>
</ca>
<tls-auth>
<ca>
<ca>
-----BEGIN CERTIFICATE-----
$LONG CERT
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
$LONG KEY
-----END OpenVPN Static key V1-----
</tls-auth>