VERIFY FAIL -- bad ns-cert-type in leaf certificate

Post by brised » Fri Aug 15, 2014 12:56 pm

After a bit of guidance here. I have an OpenVPN 2.3.4 server running on Windows, but when I try to connect an iPhone device to the server I get the log below:

2014-08-15 13:27:34 LZO-ASYM init swap=0 asym=0
2014-08-15 13:27:34 EVENT: RESOLVE
2014-08-15 13:27:34 Contacting 192.168.2.101:1194 via TCP
2014-08-15 13:27:34 EVENT: WAIT
2014-08-15 13:27:34 Connecting to 192.168.2.101:1194 (192.168.2.101) via TCPv4
2014-08-15 13:27:34 EVENT: CONNECTING
2014-08-15 13:27:34 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2014-08-15 13:27:34 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.4-140
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2014-08-15 13:27:34 VERIFY OK: depth=1
cert. version : 3
serial number : FB:F7:94:BC:FB:CE:F6:92
issuer name : CN=XXXXXX
subject name : CN=XXXXXX
issued on : 2014-08-12 20:06:42
expires on : 2024-08-09 20:06:42
signed using : RSA+SHA256
RSA key size : 2048 bits

2014-08-15 13:27:34 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : CN=XXXXXX
subject name : CN=server
issued on : 2014-08-12 22:36:16
expires on : 2024-08-09 22:36:16
signed using : RSA+SHA256
RSA key size : 2048 bits

2014-08-15 13:27:34 VERIFY FAIL -- bad ns-cert-type in leaf certificate
2014-08-15 13:27:34 Transport Error: PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
2014-08-15 13:27:34 EVENT: CERT_VERIFY_FAIL PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed [ERR]
2014-08-15 13:27:34 EVENT: DISCONNECTED
2014-08-15 13:27:34 Raw stats on disconnect:
BYTES_IN : 2152
BYTES_OUT : 494
PACKETS_IN : 13
PACKETS_OUT : 18
SSL_ERROR : 1
CERT_VERIFY_FAIL : 1
2014-08-15 13:27:34 Performance stats on disconnect:
CPU usage (microseconds): 27929
Network bytes per CPU second: 94740
Tunnel bytes per CPU second: 0
2014-08-15 13:27:34 ----- OpenVPN Stop -----
2014-08-15 13:27:34 EVENT: DISCONNECT_PENDING

I used EasyRSA-3.0.0-rc2 to create the CA and client certificates. I have delivered them to the iPhone via a Dropbox account, and my config files are as follows. OpenVPN Connect did not complain about anything in the client configuration file until I tried to connect.

Client.ovpn
client
dev tun
proto tcp
remote 192.168.2.101 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 5

<ca>
-----BEGIN CERTIFICATE-----
MI=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MI=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MM=
-----END ENCRYPTED PRIVATE KEY-----
</key>

Server configuration
local 192.168.2.101
port 1194
proto tcp
dev tun
dev-node MyVPN-Tap

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"

server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-128-CBC # AES
comp-lzo
max-clients 50
persist-key
persist-tun
status openvpn-status.log
verb 6

Have searched the error on Google etc. but can't find what might be causing the issue. Any help very welcome.

Regards
Brised
