External certificate not found

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
elgranjeff
OpenVpn Newbie
Posts: 1
Joined: Sat May 21, 2022 7:54 pm

External certificate not found

Post by elgranjeff » Sat May 21, 2022 9:27 pm

Hello. I have an openvpn server configured and running on my pfsense router. I am using TLS encryption and auth, and I am attempting to use a certificate in my Android keychain. I have followed this procedure: https://openvpn.net/vpn-server-resource ... d-keychain
  1. I have created a p12 file using my root ca, intermediate ca, certificate, and key and configured an encryption password.
  2. I have imported my p12 using openvpn connect (I've also tried importing directly from android security menu in settings)
  3. I have removed the cert, ca, and key directives from my ovpn file
  4. I have imported the ovpn profile
As per the instructions, after importing the profile (without cert, ca, and key directives) I attempt to open the connection, I am asked to either continue without a certificate or select a certificate. When I click select certificate, I am immediately shown an error message that reads:
"There was an error attempting to connect to the selected server.
Error message: External certificate not found. Please select proper certificate for profile."

I have cleared app data, uninstalled, reinstalled, and ensured that the app has file and media permissions allowed with no permissions denied.
Perhaps openvpn doesn't support my certificate, though when I created it with pfsense, I used settings that were noted as compatible with openvpn.

Is there anything that I should be doing differently? Is there anything I can do to troubleshoot?

Please note that I have replaced my actual server hostname with myserver.example.com.

Any suggestions or advice are welcome.
Thank you!

sanitized client config

client
dev tun
remote myserver.example.com 1194 udp
cipher AES-256-GCM
auth SHA256
auth-user-pass
remote-cert-tls server
key-direction bidirectional

<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

Post Reply