External cert not found after migrating to new iphone

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by HenryL » Thu Dec 15, 2022 3:22 pm

Having recently been forced to upgrade from my old iphone 5S (ios12), after a data migration to the new(er) iphone SE (ios16) from backup held on desktop mac (not phone-to-phone transfer) the Connect app (ver 3.3.2, 5086) now just gives me "External Certificate Not Found" error if I try to use either of my installed profiles. (EPKI_INVALID_ALIAS, EPKI_ERROR, external_pki_error: identity not found).

I tried deleting the cert P12 from within the app, then re-installing a fresh copy (.ovpn12) via the app, but it has made no difference.

It had been working fine on the old phone although had not needed to use it for a while so I'm not sure how the timings might line up with updates of the app. Anyway, I got the old phone out again to see if it still worked there... It has the same 3.3.2 version of 'connect' and I do NOT get the same error on the old phone, it is evidently finding the cert ok ("Keychain Cert Extraction: 1 certificate(s) found"), but exasperatingly it has mysteriously acquired another problem although I have changed nothing in the solution/config. It now does not connect, getting 'server poll timeout'. At the server I am seeing 'UNDEF common name' (and user name). All the config data seems to be in place as usual at the server. I haven't looked further into this problem yet, but I mention it in case it gives a clue/linkage with the complete stoppage problem on the new phone.

I have struggled to find any relevant information about migrating to new iphones, any differences in cert handling, or this particular error.

Help much appreciated.
Thanks/ Henry

Re: External cert not found after migrating to new iphone

Post by HenryL » Mon Dec 19, 2022 6:04 pm

BTW it's a self-generated/signed certificate.

Why does the connect app not find it now on the new phone even though it seemingly installed it itself OK into the keystore? (no apparent errors on importing the P12)

Would deleting and re-installing the profiles do anything useful? (I'll try it anyway in due course).

Did the handling of the cert store change impactfully at some point along the recent iphone/ios evolution?
