Should the common name be different in server and client?

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
anobody
OpenVpn Newbie
Posts: 2
Joined: Mon Dec 22, 2014 4:49 am

Should the common name be different in server and client?

Post by anobody » Mon Dec 22, 2014 5:27 am

HI,

I though the the KEY_CN should be unique, so I gemerated both server and client certificates signed locally using different CN serve and client:

pkitool --sign "local" server

pkitool --sign "local" client

The certificate parameters between the server and client are the same except the CN, but I got TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Dec 22 05:22:20 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Dec 22 05:22:20 2014 TLS Error: TLS handshake failed

What could I be missing here?

Thank you.

- j
Top
anobody
OpenVpn Newbie
Posts: 2
Joined: Mon Dec 22, 2014 4:49 am

Re: Should the common name be different in server and client

Post by anobody » Mon Jan 05, 2015 1:47 am

Thanks! Problem solve :)
Top
Post Reply

Return to “Cert / Config management”