Hi all,
from the day to day I`m not able to connect to my ovpn server with the "remote-cert-tls server" option in config file.
The attempt to login ends with
2022-03-26 21:42:43 Certificate does not have key usage extension
2022-03-26 21:42:43 VERIFY KU ERROR
The strange is, that there were no config changes, no updates as I know. Simply in the Friday I was able to connect and in the Monday I cannot.
Do you have any idea what can be wrong ?
Regards
Marek
VERIFY KU ERROR
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVPN Protagonist
- Posts: 11136
- Joined: Fri Jun 03, 2016 1:17 pm
Re: VERIFY KU ERROR
Because your server certificate is too old.
gremlins.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Mar 29, 2022 1:35 pm
Re: VERIFY KU ERROR
unfortunatelly this is not only my problem but all user with option
remote-cert-tls server
are not able to login.
remote-cert-tls server
are not able to login.
-
- OpenVPN Protagonist
- Posts: 11136
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Mar 29, 2022 1:35 pm
Re: VERIFY KU ERROR
I know, but it is not safe
and i need to know what happedned
and i need to know what happedned
-
- OpenVPN Protagonist
- Posts: 11136
- Joined: Fri Jun 03, 2016 1:17 pm
Re: VERIFY KU ERROR
You changed something and broke it.
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: VERIFY KU ERROR
If you want to know why because that is the way how support work on here. the first time you create openvpn server with default setting on create certificate that is basic and work as your system. now you are looking some info from internet and try some more advanced then it not work as you expect. If you and your user want it you have two option here. buy an support some someone can help you or making the whole openvpn server certificate again with adding extension or you must do it by yourselves to make it work . that is the way how open scourge software continuing evolving .you only been given out half of function and if you want more should pay for it.
In order correctly it you need edit openssl config and add entry on KU extension then create certificate again.