OpenVPN Connect certificate error

[Nucleardragon]

Do I understand correctly that the private client key file must be in the RSA (----- BEGIN RSA PRIVATE KEY -----)?
That is, need to do convert to the RSA format
Example:

Code: Select all

openssl rsa-in client.key-out client_rsa.key

Some forums claim that it is necessary - but it is not.
At least my iOS OpenVPN client doesn't work with the key in the RSA format

[R1200CL]

Right, make sure to include a ca directive in your profile, even if you are using a PKCS#12 cert/key pair from the Keychain. On iOS in particular, OpenVPN is NOT able to access the CA list included in PKCS#12 files that were imported into the iOS Keychain.

If the ca directive is not included, you will see errors such as this:

• PolarSSL: error parsing ca certificate : X509 - The certificate format is invalid, e.g. different type expected

or

• PolarSSL: ca certificate is undefined

You can extract the CA list from the PKCS12 file using this openssl command:

Code: Select all

openssl pkcs12 -in client.p12 -cacerts -nokeys -out ca.crt

Then add a reference to ca.crt in your profile

Code: Select all

ca ca.crt

or expand the certs inline such as

Code: Select all

<ca>
[paste contents of ca.crt here]
</ca>

Is it possible to Get a better explaination how to do this ?
I also use IpCop with OpenVPN, and I taken the PKCS12 file and certificate into the iOS open vpn app, and also get the same error..

I'm not able to understand how to implement the above solution.

[R1200CL]

Hi guys, first of all, let me thank you for the official OpenVPN client for iOS - feature, which was really missed! Good job!

Now to my question/problem. I have an IPCop firewall running an OpenVPN server, which works well for all the Windows clients, the firewall provides GUI to setup the server and also sort of "all-in-one" ZIP package to copy to clients - it's basically a .ovpn file with .p12 file for authentication.
Also there are certificates created during the setup of the OpenVPN server.
Now, when I extract this ZIP package to Windows OpenVPN GUI client, I can connect in one click, all I need is to input password and that's it. But, when I'm trying to use the same files on my iOS devices (iP4S and iPad 3rd gen, both iOS 6.0.1), I get an error regarding format of certificate used, for example:

Code: Select all

2013-01-22 20:05:10 ----- OpenVPN Start -----
2013-01-22 20:05:10 EVENT: CORE_ERROR PolarSSL: error parsing ca certificate : X509 - The certificate format is invalid, e.g. different type expected [ERR]
2013-01-22 20:05:10 Raw stats on disconnect:
2013-01-22 20:05:10 Performance stats on disconnect:
  CPU usage (microseconds): 11989
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0
2013-01-22 20:05:10 ----- OpenVPN Stop -----
2013-01-22 20:05:10 EVENT: DISCONNECT_PENDING

Basically all I do, is import the .p12 file into my iOS Keychain, install it there (it says it's a "certificate") and then select it in the OpenVPN Connect app.
So what am I doing wrong? Please keep in mind that I'm new at this, and this is literally the first time I'm setting something like this up myself (PC or mobile device).

Thanks in advance for reply.

Kind regards,
Roman.

Hi Roman

Can you try to explain how you solved this issue ?
Some sort of step by step guide