External Certificate Signing Failed - with cert on YubiKey

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by davidarush » Fri Oct 13, 2023 2:05 pm

I'm trying to connect a Mac (13" MBP, Intel, macOS Monterey 12.7) with OpenVPN Connect 3.4.4 to an OpenVPN server (community edition).

Authenticating with username, password, and certificate on a hardware token (YubiKey).

We have clients on Windows working with the OpenVPN client (community edition) and clients on Linux working with the openvpn command-line client.

I'm following these instructions: https://openvpn.net/vpn-server-resource ... n-connect/ and the configuration goes exactly as expected - it finds the cert and keys on the token, but I can't connect.

When I try to connect it prompts for the YubiKey's PIN (and the YubiKey's LED flickers), then the conventional password, then fails with "External Certificate Signing Failed" message.

The client log file says: Client exception in transport_recv_excode: OpenSSLContext::SSL::read_cleartext:BIO_read failed, cap=2640 status=-1:error:0A080006:SSL routines::EVP lib

I've been unsuccessful in getting the libykcs11 logging capability to produce any output (at least none that I can find) by setting the YKCS11_DBG=9 environment variable.

Any ideas?
