Intermediate CA certificate not found in unified profile - OpenVPN Connect Android

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
ohlookagnome
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 28, 2022 3:44 am

Intermediate CA certificate not found in unified profile - OpenVPN Connect Android

Post by ohlookagnome » Wed Dec 28, 2022 3:48 am

Intermediate CA certificate is not found when included in the <cert> tag of a unified .ovpn profile on OpenVPN Connect on Android.

Client certificate has been generated with intermediate CA certificate included, then added to the .ovpn file within the <cert> tag. The root CA certificate is included in the <ca> tag. This file configuration works for Windows clients connecting to the same server. However, Android clients time out, and the VPN server logs this error:
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=[Android client CN]
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

Moving the intermediate CA certificate from the end of the <cert> tag to the beginning of the <ca> tag in the same unified .ovpn profile allows the Android client to connect successfully.

Is this a bug? If so, how can I log a bug report? I tried logging a bug report with OpenVPN Support but they said it was only for the corporate solutions.

Post Reply